Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I am using the Anti forgery token html helper at all the views that accept user input and the [ValidateAntiForgeryToken] on the associated action methods to protect from any possible CSRF attacks.
But i am facing a problem on how i can test that these line of codes is working well and they will prevent any possible attack.
BR
You could write a static HTML page that you could host just anywhere. Don’t even need a web server, you could use the
file:///c:/foo.htmfor example. In this HTML page create a simple<form>that will contain the same input elements (same names) as some of the ASP.NET MVC views that you want to test against CSRF. Theactionof the form will point to the same action as your ASP.NET MVC views. Then submit the form. If an AntiForgeryToken exception is thrown, you are safe. If on the other hand the controller action is executed, you are vulnerable to a CSRF attack.To learn more about CSRF look at the following article. Jeff Atwood also blogged about it.
And don’t just expect some miracle tool that you will run and it will show a green or red light. If such tool existed, hackers wouldn’t exist, as all sites would be protected and they wouldn’t have anything to hack.
The best way to ensure that your site is safe is to consult with a security specialist who will perform an extensive audit and code review.