Cross-Site Request Forgery (XSRF)
Vulnerabilities, Attacks, and Mitigations


Prof. David Bernstein
James Madison University

Computer Science Department
bernstdh@jmu.edu


Motivation
The Simplest Instance
Another Instance
A Common Misconception and Clarification
An Important Issue
Mitigation During Design
Mitigation During Construction
Mitigation During Validation/Verification