Re: blocking CSRF attacks

Hi,

> any one on the list aware of any IDS/IPS capable of blocking CSRF
> attacks? 
> If not, what will be the best policy to block CSRF.
>  
The best fix is to code you application to include a random token on all 
forms that cause an action, and validate this when the form is submitted.

Now, I guess you're after a quick fix? One possibility is to block POST 
requests that have a referer, and the referer is not from your domain. 
I've not tried this, but I expect it would block most attacks without 
interfering with legitimate traffic.

This does assume your pages that cause actions only respond to POST 
requests, which may not be true in practice.

Paul

-------------------------------------------------------------------------
Sponsored by: Watchfire 
Methodologies & Tools for Web Application Security Assessment 
With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F
-------------------------------------------------------------------------