Webinspect vulnerability for Cross Site Request Forgery

Explorer ,
Aug 12, 2015 Aug 12, 2015

Copy link to clipboard

Copied

We regularly have to run webinspect scans on our CF servers.  Recently, we started getting CSRF findings on both our new CF11 servers as well as our one remaining CF9 server.  After doing research, it appears that with CF10 and later, there are tags to remediate this.  My questions are:

- is this the only method to remediate?  Are we really going to have to add this token logic to every form that the scan finds, which could be hundreds?

- is there not some administrator parameter that can remediate this across the server?

Thanks in advance for any assistance...


Views

210

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
no replies

Have something to add?

Join the conversation