In the online world, there are more and more cybercrime attacks, many of which go unnoticed because the victims don’t even know about it. There are threats such as Cross-Site vulnerabilities or CSRF (Cross-Site Request Forgery), so difficult to prevent and detect that you have to use advanced software to avoid major problems.
A CSRF attack is a malicious technique that forces a victim’s web browser, previously authenticated in some service such as email or online banking, to send a fake HTTP request to a vulnerable web application.
Thus the cybercriminal is able to perform an action through its victim, since the malicious activity will be processed on behalf of the connected user, so the application will think that it is a legitimate request.
CSRF vulnerabilities exploit the user’s trust. The hacker usually carries out this attack only when the user has validated their data in an application or website. By entering requests that appear valid; but are falsified, the attacker will be able to modify the behavior of the application in his favor.
When executing such attacks, a cybercriminal could post comments on social networks, send emails or messages on behalf of the user, move funds, make transfers or make payments, change the password or other parameters of the user in the exploited application and basically perform any action allowed by the web.
How to prevent Cross-Site Vulnerabilities (CSRF)
Any company with applications or websites should implement some security systems to prevent CSRF vulnerabilities. There are several mechanisms that help to avoid these problems; although there are some more used than others because they offer better results.
Validation of the secret token
The most commonly used mechanism to prevent cross-site vulnerabilities is to request additional information on each HTTP request to determine if it actually comes from a trusted source. This process consists of the inclusion of a secret token or random value; which is generated and reported to the user’s browser at the time of logging in.
This validation code must be difficult to guess and if a request does not include such a code or does not match the expected value; the server will reject the request.
Sending double cookies
Another action that can help prevent counterfeiting of cross-site requests is the double sending of cookies. This is a variant of the token mechanism; but in this case, the code must match the session ID in the cookie.
The server must verify that both are the same in each request. But since the site from which the attack comes is not the same as that of the victim; this verification cannot be carried out and the request will, therefore, be rejected.
Checking the HTTP Referer header
It is also possible to prevent cross-site vulnerabilities by checking the HTTP Referer header. When you make a request in a web application the browser issues an HTTP request which includes a header called ‘Referer’ indicating the URL that initiated the request.
Thanks to this information, the header can know if the second request was made from the same place as the first. If the domain does not match then the attack will be avoided. However, this mechanism is not often used; as the Referer header shows sensitive information that affects the privacy of users such as the content of the user’s search.
Other options
In addition to the above mechanisms, companies can also apply other actions such as asking the user for credentials or a CAPTCHA. Also, many sites tend to limit the lifetime of sessions; although it is important to do so in a way that does not affect the usability of the web.
Recommended Habits to Help prevent Cross-Site Vulnerabilities
By validating the secret token, sending double cookies, checking the HTTP Referer header and other actions companies can prevent CSRF vulnerabilities in their systems.
However, as an extra security measure, it is recommended to advise users to follow some practices that could help minimize risks.
● Configure your browser so that it does not save usernames or passwords; as malicious code in CSRF attacks is usually written to take advantage of this information.
● Disconnect immediately upon completion of a banking or financial transaction on a website. Never minimize or close your browser without this previous step.
● Use different browsers. Choose one for sensitive information and one for general navigation. Using incognito mode is a good alternative too.
● Disable scripts in the browser or use a plug-in that blocks them.
Protect yourself from cross-site vulnerabilities with Acunetix
Nowadays, experts estimate that 70% of websites are hackable. And even if you have implemented measures to prevent cross-site vulnerabilities; you should know that the techniques of attackers evolve fast, so you must always be aware. Also remember that after an update or a change in the code of your site, some controls could be removed and leave the site vulnerable.
To anticipate this type of situation it is essential that you follow preventive actions and one of them is to use Acunetix. An automated security tool, whose job it is to scan websites for threats. To do this it uses its crawlers, with which it analyzes your web directories to identify anomalies.
Acunetix also stands out from other solutions to prevent CSRF vulnerabilities.
because:
● This software offers data security.
● Scan any website accessible through Http or Https. In addition; it is able to analyze applications that use complex libraries such as those based on HTML 5, PHP and Javascript.
● Also, it has a friendly and intuitive interface.
● It provides detailed reports and allows access to well-structured statistics and reports.
Preventing cross-site vulnerabilities is very simple with Acunetix. Remember that the security of your users is fundamental for the success of your company.
If you want to take advantage of this security solution, do not hesitate to contact us. At GB Advisors we have specialists in the area who will offer you all the information you need.
