razak_khan

Pinned topic XSRF Vulnerability issue

2012-09-28T16:38:51Z
Hi,

I have a HATS application developed in HATS 8.0. When I ran AppScan I got a vulnerability like this:

(1) WASC Threat Classification: Cross Site Request Forgery (XSRF)

Reasoning: The test result seems to indicate a vulnerability because the same request was sent twice in different sessions,
and the same response was received. This shows that none of the parameters are dynamic
(session identifiers are sent only in cookies) and therefore that the application is vulnerable to CSRF.
How can we protect our HATS app from this XSRF attack? How do we make the HATS app secure from XSRF? Is there any workaround for it?

Thanks,
razak
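The mitigation the question is asking for, as an added example that is not code from the original post or from HATS itself: a synchronizer-token check in the style of a servlet filter placed in front of the application, written in Python so it runs stand-alone. It also reproduces AppScan's cross-session replay from the finding above to show that, with the token in place, the same request no longer yields the same response in a second session. The `Session`/`Request` stand-ins, the `csrf_token` form field and the `X-CSRF-Token` header name are assumptions.

```python
import hmac
import secrets
from dataclasses import dataclass, field

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
TOKEN_FIELD = "csrf_token"  # assumed form-field name carrying the token


@dataclass
class Session:
    """Stand-in for an HttpSession: one random token bound to the session."""
    id: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Stand-in for an HttpServletRequest: only the parts the check needs."""
    method: str
    path: str
    session: Session          # resolved from the session cookie by the container
    params: dict
    headers: dict = field(default_factory=dict)


def csrf_check(req: Request) -> tuple[int, str]:
    """Synchronizer-token check. Safe methods pass through; state-changing
    methods must carry the token that belongs to the *current* session.
    A forged cross-site request carries the cookie automatically but cannot
    read the token from this origin's page, so it fails here with 403."""
    if req.method in SAFE_METHODS:
        return 200, f"OK {req.path}"
    presented = req.params.get(TOKEN_FIELD) or req.headers.get("X-CSRF-Token")
    if not presented or not hmac.compare_digest(presented, req.session.csrf_token):
        return 403, "CSRF token missing or does not match this session"
    return 200, f"OK {req.path}"


def legitimate_then_replay(path: str, params: dict) -> tuple[int, int]:
    """Model of AppScan's test: session A submits a form that embeds A's own
    token; the byte-identical body is then replayed under session B.
    Returns the two status codes; they differ (200, 403) because the token
    is the 'dynamic parameter' the scanner found missing."""
    a, b = Session("sess-A"), Session("sess-B")
    body = {**params, TOKEN_FIELD: a.csrf_token}  # constructed sample form post
    status_a, _ = csrf_check(Request("POST", path, a, body))
    status_b, _ = csrf_check(Request("POST", path, b, dict(body)))
    return status_a, status_b
```

The token must be emitted into every form (or read by the page's scripts and sent as the header) so that legitimate posts carry it; requests that only rely on the session cookie are rejected.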
  • BrijeshAnghan

    Re: XSRF Vulnerability issue

    2015-05-12T13:45:14Z

    Razak,

    I submitted a PMR for the CSRF issue affecting HATS applications. The PMR got escalated to L3. Their response was as follows:

    Currently there is no built in mechanism in HATS to avoid this. The issue in this PMR cannot be resolved with an APAR. It will need a design change to resolve it. I encourage you to open a "Request for Enhancement".

    I have submitted an RFE for this issue. If possible, please vote for it -> http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=71033