GIAC Foundational Cybersecurity Technologies Practice Test


Prepare for the GIAC Foundational Cybersecurity Technologies Test. Explore quizzes and multiple-choice questions, each with hints and explanations. Get ready to excel in your exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



Which of the following is an effective way to mitigate a Cross Site Request Forgery?

  1. Make sure every request is submitted from the same IP address

  2. Use a Cross Site Request Forgery Token that is required for every form

  3. Limit the number of requests submitted in a session

  4. Disable cookies during transfers

The correct answer is: Use a Cross Site Request Forgery Token that is required for every form

A Cross Site Request Forgery (CSRF) token, also called the synchronizer token pattern, is an effective mitigation because it adds a secret that an attacker's site cannot supply. When the server renders a form for a state-changing action, it generates an unpredictable token, stores it against the user's session, and embeds it in the form as a hidden field. The browser sends that token back with the submission, and the server compares it with the stored value before acting; if the token is missing or does not match, the request is rejected. CSRF works in the first place because the victim's browser automatically attaches the session cookie to any request a third-party page causes it to make, but the same-origin policy stops that page from reading the token out of the legitimate form, so a forged request cannot carry a valid token. For the check to hold, the token must be unpredictable, bound to the session, compared in constant time, and enforced on every state-changing request, not only on the form's GET. Setting the SameSite attribute on the session cookie is a useful defence-in-depth complement, not a replacement.

The other options do not address how CSRF operates. Requiring every request to come from the same IP address does nothing, because a forged request is issued by the victim's own browser from the victim's own address; it only rejects legitimate users whose address changes (mobile networks, VPNs, dynamic IPs). Limiting the number of requests in a session may throttle an attacker, but a single forged request is enough to change an e-mail address or move money, and the limit also restricts legitimate use. Disabling cookies would break the session itself rather than fix the design flaw, and CSRF is not limited to cookies: HTTP Basic credentials and client certificates are attached by the browser just as automatically.
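The token flow described above, as an added example that is not code from the original page: a vulnerable handler that trusts only the session cookie, beside a hardened one that checks a per-session synchronizer token before changing anything. It uses only the Python standard library; the in-memory session store, the handler and helper names, and the forged and legitimate sample requests are constructed for illustration.

```python
import hmac
import re
import secrets
from html import escape

# Constructed in-memory session store for the example: session id -> session data.
# A real application keeps this server-side (database, cache or signed cookie).
SESSIONS = {}


def new_session(user, email):
    """Log a user in: create a session and return the id the session cookie carries."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {
        "user": user,
        "email": email,
        # Unpredictable per-session token, stored server-side only.
        "csrf_token": secrets.token_urlsafe(32),
    }
    return sid


def render_change_email_form(sid):
    """Server renders the form with the session's token in a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/change-email">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input type="email" name="email">'
        "<button>Save</button></form>"
    )


def extract_token(form_html):
    """What a same-origin page (and only a same-origin page) can do: read the token back."""
    match = re.search(r'name="csrf_token" value="([^"]+)"', form_html)
    return match.group(1) if match else ""


def change_email_vulnerable(cookies, form):
    """Vulnerable handler: the session cookie alone authorises the change, so any
    site that can make the victim's browser POST here succeeds."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    SESSIONS[sid]["email"] = form["email"]
    return 200, "email updated"


def change_email_protected(cookies, form):
    """Hardened handler: same session check, then the synchronizer token check."""
    sid = cookies.get("session")
    if sid not in SESSIONS:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    expected = SESSIONS[sid]["csrf_token"]
    # Constant-time comparison; an absent or wrong token rejects the request
    # before any state changes.
    if not submitted or not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    SESSIONS[sid]["email"] = form["email"]
    return 200, "email updated"


def demo():
    """Replay one forged and one legitimate request against both handlers."""
    sid = new_session("alice", "alice@example.com")
    cookies = {"session": sid}  # the browser attaches this to every request to the site

    # Forged request from an attacker-controlled page: it can trigger the POST with
    # the victim's cookie, but it cannot read the token out of the victim's page.
    forged = {"email": "attacker@evil.example"}
    vuln_status, _ = change_email_vulnerable(cookies, forged)
    email_after_vuln = SESSIONS[sid]["email"]
    SESSIONS[sid]["email"] = "alice@example.com"  # undo for the protected run

    blocked_status, _ = change_email_protected(cookies, forged)
    email_after_blocked = SESSIONS[sid]["email"]

    # Legitimate submission: the token comes from the form the server rendered.
    token = extract_token(render_change_email_form(sid))
    legit = {"email": "alice@new.example", "csrf_token": token}
    ok_status, _ = change_email_protected(cookies, legit)

    return {
        "vulnerable": (vuln_status, email_after_vuln),
        "protected_forged": (blocked_status, email_after_blocked),
        "protected_legit": (ok_status, SESSIONS[sid]["email"]),
    }


if __name__ == "__main__":
    for name, (status, email) in demo().items():
        print(f"{name}: status={status} email={email}")
```

Running it shows the forged request changing the address through the vulnerable handler (200), the same request rejected by the hardened handler (403) with the address untouched, and the legitimate submission accepted (200). Note that the token is compared with hmac.compare_digest rather than == so that a timing side channel cannot be used to recover it byte by byte.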