Practice free →
HomeBCA Cyber SecuritycybersecurityWeb Security — OWASP › CROSS-SITE REQUEST FORGERY (CSRF) is best mitiga…

CROSS-SITE REQUEST FORGERY (CSRF) is best mitigated by

Adisabling JavaScript
Banti-CSRF tokens with SameSite cookies
Cblocking all POST requests
Dusing HTTPS only
Answer & Solution
Correct answer: B. anti-CSRF tokens with SameSite cookies
1. CSRF: attacker tricks an authenticated user's browser into submitting a state-changing request (e.g. transfer money) without the user's intent. 2. MITIGATIONS (used together for defense in depth): • ANTI-CSRF TOKENS: each form embeds a per-session unguessable token; the server validates it on submit. Attackers on another domain cannot read it. • SAMESITE COOKIES: setting cookies to SameSite=Lax or SameSite=Strict prevents cookies from being sent on cross-origin requests. • Origin/Referer header checks for state-changing requests. 3. HTTPS (D) protects in-transit secrecy but doesn't prevent CSRF. 4. Modern browsers default cookies to SameSite=Lax — but explicit token-based defense is still recommended. _Source: OWASP CSRF Prevention Cheat Sheet + Top 10 2021 cross-references._
Solve this in the app — BCA Cyber Security practice & 24k+ MCQs →
Related questions