Addressing Cross-Site Request Forgery in public/hybrid APIs

Cross-Site Request Forgery (CSRF, or Session Riding) is the invocation of unauthorised commands that are triggered by a trusted user. A malicious website can exploit the fact that a user is logged in to a vulnerable website, ride that session and forge requests in the user's name. CSRF is a very common type of attack, and ASP.NET has shipped the AntiForgery library for a long time. What's interesting is the case of a hybrid/public API that your website uses and that is also used by other clients such as PowerShell scripts, mobile apps, etc. …
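The hybrid-API problem comes down to one question per request: was the caller authenticated by something the browser attaches automatically (a session cookie), or by something it cannot attach on a cross-site request (an explicit `Authorization: Bearer` header)? Only the first kind of request needs an anti-forgery token. The following is an added example that is not code from the post or from ASP.NET's AntiForgery library; it shows that decision logic in plain Python with a synchronizer token bound to the session via HMAC. The session ids, API tokens and the server key are constructed placeholder values.

```python
import hashlib
import hmac

# Constructed placeholder values for this example only.
CSRF_KEY = b"example-only-server-secret"      # server-side key for minting tokens
SESSIONS = {"sess-7f3a": "alice"}             # cookie session id -> user (browser clients)
API_TOKENS = {"tok-9b12": "powershell-bot"}   # bearer token -> user (PowerShell, mobile, ...)

# Safe (read-only) methods never change state, so CSRF does not apply to them.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: an HMAC of the session id, embedded in the HTML page
    (hidden form field or meta tag) so a same-origin page can echo it back."""
    return hmac.new(CSRF_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authenticate(headers: dict, cookies: dict):
    """Return (scheme, user, session_id) or None.

    A bearer token takes precedence; it lives in a header a cross-site page
    cannot set on the victim's behalf. A session cookie is sent automatically
    by the browser, which is exactly why it needs the extra anti-forgery check."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        user = API_TOKENS.get(auth[len("Bearer "):])
        if user is not None:
            return ("bearer", user, None)
    session_id = cookies.get("session")
    if session_id in SESSIONS:
        return ("cookie", SESSIONS[session_id], session_id)
    return None


def authorize(method: str, headers: dict, cookies: dict):
    """Decide whether a request may proceed. Returns (allowed, reason)."""
    identity = authenticate(headers, cookies)
    if identity is None:
        return (False, "unauthenticated")
    scheme, user, session_id = identity

    if method.upper() in SAFE_METHODS:
        return (True, f"{user}: safe method, no state change")

    if scheme == "bearer":
        # Non-browser clients: the credential was sent deliberately, not ridden.
        return (True, f"{user}: bearer-authenticated, anti-forgery token not required")

    # Cookie-authenticated state change: demand a token only the real page could know.
    presented = headers.get("X-CSRF-Token", "")
    expected = issue_csrf_token(session_id)
    if presented and hmac.compare_digest(presented, expected):
        return (True, f"{user}: cookie session with valid anti-forgery token")
    return (False, f"{user}: cookie session without valid anti-forgery token")


if __name__ == "__main__":
    token = issue_csrf_token("sess-7f3a")
    print(authorize("POST", {}, {"session": "sess-7f3a"}))                       # forged: rejected
    print(authorize("POST", {"X-CSRF-Token": token}, {"session": "sess-7f3a"}))  # genuine page: allowed
    print(authorize("POST", {"Authorization": "Bearer tok-9b12"}, {}))           # PowerShell client: allowed
```

The exemption for bearer-authenticated calls is only sound if the API never falls back to the cookie when the bearer token is missing or invalid; in the code above a bad bearer token drops through to the cookie path, which still requires the anti-forgery token. Two practical checks that go with this design: the token must be compared in constant time (`hmac.compare_digest`), and the same-origin policy must actually keep the token out of reach of other sites, so CORS must not allow arbitrary origins to read the page that embeds it.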