Pinned topic XSRF Vulnerability issue
I have a HATS application developed in HATS 8.0. When I run AppScan I got vulnerability like..
WASC Threat Classification
Cross Site Request Forgery (XSRF)
Reasoning: The test result seems to indicate a vulnerability because the same request was sent twice in different sessions,
and the same response was received. This shows that none of the parameters are dynamic
(session identifiers are sent only in cookies) and therefore that the application is vulnerable to CSRF.
"How we can protect our HATS app from this XSRF attack. How to make secure HATS App from XSRF. Is there any work around for it."
BrijeshAnghan 310000BST71 Post
Re: XSRF Vulnerability issue2015-05-12T13:45:14ZThis is the accepted answer. This is the accepted answer.
I submitted a PMR for CSRF issue affect HATS applications. The PMR got escalated to L3. There response was as follows,
Currently there is no built in mechanism in HATS to avoid this. The issue in this PMR can not be resolved with an apar. It will need a design change to resolve it. I encourage you to open a "Request for Enhancement"
I have submitted an RFE for this issue. If possible, please vote for it -> http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=71033