Your company sells toys online worldwide, supported by a web-based e-commerce (EC) system. After a user is validated, the EC system issues an access token, renewed on a rolling basis, that authorizes subsequent access. The front-end experience in modern web browsers is implemented by mobile code, backed by a RESTful API with rigid input validation. You are planning a new feature that simplifies placing orders by adding a “Buy it again” button beside each historical order. Which of the following is of most concern?
A. Cross-Site Scripting (XSS)
D. Cross-Site Request Forgery (CSRF)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Replay.
Cross-Site Scripting (XSS) and Injection
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a good candidate as the answer. A traditional CSRF attack happens with the following preconditions:
- The victim user has logged into the system, e.g., an online bank.
- The victim user clicks the malicious hyperlink with forged or manipulated parameters.
- The victim system accepts the URL sent as an HTTP GET request.
The following are tips to mitigate CSRF attack:
- The system should not accept requests for transactions through GET. Instead, transactions should be done through POST, PUT, or DELETE. A RESTful API uses the HTTP verbs/methods in this way: GET for a query, POST for insert, PUT for modification, and DELETE for deletion.
- A CSRF attack can be triggered through an HTML form inside an iframe as well, so the same-origin policy should be enforced. Modern web browsers enable the same-origin policy by default.
- CSRF requests can also be sent directly from attack tools. The ultimate way to mitigate this risk is an anti-forgery token stored in a hidden input in each HTML form and verified by the server on every submission. Microsoft ASP.NET MVC supports this feature very well.
A replay can be triggered by a man-in-the-middle, a malicious user, or unintentional behavior. The replayed message may or may not have been manipulated. The question does not suggest any mitigation against replay attacks.
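How a back end can address both concerns raised above, the anti-forgery token carried in a hidden input and the unmitigated replay, as an added Python example that is not code from the original post: it models the “Buy it again” endpoint with a constructed in-memory session store, a hypothetical handler named place_order_again, a session-bound anti-forgery token, and a timestamped one-time nonce so that a captured request cannot simply be resubmitted. All names, the 300-second nonce lifetime and the sample order id are assumptions.

```python
import hmac
import hashlib
import secrets
import time

# Constructed, in-memory stand-ins for the EC system's server-side state.
SECRET_KEY = secrets.token_bytes(32)  # server secret for anti-forgery tokens (hypothetical)
NONCE_TTL_SECONDS = 300               # how long a request nonce stays valid (assumed policy)
SESSIONS = {}                         # session_id -> {"user": str, "seen_nonces": set()}
ORDERS = []                           # orders actually placed


def create_session(user):
    """Start an authenticated session; the id would travel in an HttpOnly cookie."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "seen_nonces": set()}
    return session_id


def issue_csrf_token(session_id):
    """Anti-forgery token bound to the session: HMAC-SHA256(secret, session_id).
    The server renders it into a hidden input of every 'Buy it again' form, so a
    form submitted from another origin cannot carry a valid value."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def issue_nonce():
    """One-time request nonce with an issue timestamp, also rendered into the form."""
    return f"{int(time.time())}:{secrets.token_urlsafe(16)}"


def place_order_again(method, session_id, form):
    """Hypothetical handler for the 'Buy it again' endpoint. Returns (status, reason)."""
    # 1. State-changing requests are never accepted over GET.
    if method != "POST":
        return 405, "order placement must use POST"
    # 2. The request must belong to a live session.
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "no valid session"
    # 3. Anti-forgery (CSRF) token check, compared in constant time.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return 403, "anti-forgery token missing or invalid"
    # 4. Replay check: the nonce must be fresh and never seen before in this session.
    nonce = form.get("request_nonce", "")
    issued_at, _, _ = nonce.partition(":")
    if not issued_at.isdigit() or time.time() - int(issued_at) > NONCE_TTL_SECONDS:
        return 409, "request nonce missing or expired"
    if nonce in session["seen_nonces"]:
        return 409, "duplicate request nonce (possible replay)"
    session["seen_nonces"].add(nonce)
    ORDERS.append({"user": session["user"], "order_id": form.get("order_id")})
    return 200, "order placed"


def demo():
    """Walk through a genuine request, its replay, a GET, and a cross-site forgery.
    Returns the list of status codes, in that order."""
    sid = create_session("alice")
    legit = {"csrf_token": issue_csrf_token(sid),
             "request_nonce": issue_nonce(),
             "order_id": "ORD-1001"}                                   # constructed sample order
    results = [place_order_again("POST", sid, legit)[0]]               # 200: genuine click
    results.append(place_order_again("POST", sid, legit)[0])           # 409: same message replayed
    results.append(place_order_again("GET", sid, legit)[0])            # 405: GET never places orders
    forged = {"request_nonce": issue_nonce(), "order_id": "ORD-1001"}  # no token available cross-site
    results.append(place_order_again("POST", sid, forged)[0])          # 403: token check fails
    return results


if __name__ == "__main__":
    print(demo())  # [200, 409, 405, 403]
```

The nonce is what closes the gap the question leaves open: the rolling access token proves who the caller is, but a captured “Buy it again” request carries a valid token too, so only a per-request value the server refuses to accept twice distinguishes the original click from its replay. The seen-nonce set should be pruned once entries are older than the TTL, and the order id alone must not be used as the duplicate key, because the whole point of the button is that a customer may legitimately buy the same item again.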
References
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Preventing Cross-Site Request Forgery (CSRF) Attacks in ASP.NET MVC Application
- Common Security Issues in Financially-Oriented Web Applications
- Same-Origin Policy
- Same-Origin Policy: Evaluation in Modern Browsers
- Origin Policy Enforcement in Modern Browsers
- The Definitive Guide to Same-Origin Policy
- Example of Silently Submitting a POST Form (CSRF)