PrepAway - Latest Free Exam Questions & Answers

Which of the following is the BEST way to prevent Cross-Site Request Forgery (XSRF) attacks?


A. Check the referrer field in the HTTP header

B. Disable Flash content

C. Use only cookies for authentication

D. Use only HTTPS URLs

Explanation:
XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the
web application's trust of a user who is known or is supposed to have been authenticated. This is
accomplished by changing values in the HTTP header and even in the user's cookie to falsify
access. It can be prevented by embedding additional authentication data into requests that allows
the web application to detect requests from unauthorized locations. Examples are synchronizer
token patterns, cookie-to-header tokens, and checking the HTTP Referrer header and the HTTP
Origin header.
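
The following server-side check is an added example, not part of the original page. It combines two of the defenses named above: the Origin/Referer check and a synchronizer token. TRUSTED_ORIGIN, SERVER_KEY and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this example: the application's own origin and a server-side key.
TRUSTED_ORIGIN = "https://app.example.test"
SERVER_KEY = secrets.token_bytes(32)


def issue_token(session_id):
    """Synchronizer token: bound to the session, embedded in every rendered form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def source_origin(headers):
    """Return scheme://host of the requesting page from Origin, else Referer."""
    h = {k.lower(): v for k, v in headers.items()}
    value = h.get("origin") or h.get("referer")
    if not value:
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # covers "Origin: null" sent by sandboxed or opaque contexts
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_request_allowed(method, headers, session_id, form_token):
    """Return (allowed, reason) for one request."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"  # these must never change state
    origin = source_origin(headers)
    if origin is None:
        return False, "missing source"
    # Exact comparison on the parsed origin; a prefix match would accept
    # look-alike hosts such as app.example.test.evil.example.
    if origin != TRUSTED_ORIGIN:
        return False, "cross-site source"
    expected = issue_token(session_id)
    if not form_token or not hmac.compare_digest(form_token.encode(), expected.encode()):
        return False, "bad token"
    return True, "ok"
```

A state-changing request passes only when both checks succeed, so a request that arrives with the session cookie but without the per-session token is rejected.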

