CSRF

Prevent cross-site request forgery with modern cookie and token strategies.

Core Defenses

  • Use POST/PUT/DELETE for state changes (not GET)
  • CSRF tokens (per form/request with server validation)
  • SameSite cookies (Lax/Strict) + Secure + HttpOnly

SPA/API Patterns

  • Prefer Authorization headers over cookies for APIs
  • Double-submit cookie if cookies are required
  • Rotate session on privilege changes

Copy-Ready Safe Examples

<form method="POST" action="/profile/update">
  <input type="hidden" name="csrf" value="<server-generated-token>" />
  <input name="displayName" />
</form>