CSRF tokens

GPTKB entity

Statements (21)
Predicate Object
gptkbp:instanceOf security mechanism
gptkbp:associatedWith user session
gptkbp:canBe sent as HTTP headers; stored in cookies; stored in hidden form fields
gptkbp:generation gptkb:server
https://www.w3.org/2000/01/rdf-schema#label CSRF tokens
gptkbp:mitigatedBy gptkb:CSRF_attacks
gptkbp:notVisibleTo third-party sites
gptkbp:recommendation gptkb:OWASP
gptkbp:sentBy HTTP requests
gptkbp:shouldBe unpredictable; unique per session; validated on server side
gptkbp:shouldNotBe guessable
gptkbp:type utility token
gptkbp:usedFor preventing Cross-Site Request Forgery
gptkbp:usedIn web applications
gptkbp:verifiedBy gptkb:server
gptkbp:bfsParent gptkb:Cross-site_Request_Forgery
gptkbp:bfsLayer 5