Statements (21)
Predicate | Object |
---|---|
gptkbp:instanceOf | security mechanism |
gptkbp:associatedWith | user session |
gptkbp:canBe | sent as HTTP headers, stored in cookies, stored in hidden form fields |
gptkbp:generation | gptkb:server |
https://www.w3.org/2000/01/rdf-schema#label | CSRF tokens |
gptkbp:mitigatedBy | gptkb:CSRF_attacks |
gptkbp:notVisibleTo | third-party sites |
gptkbp:recommendation | gptkb:OWASP |
gptkbp:sentBy | HTTP requests |
gptkbp:shouldBe | unpredictable, unique per session, validated on server side |
gptkbp:shouldNotBe | guessable |
gptkbp:type | utility token |
gptkbp:usedFor | preventing Cross-Site Request Forgery |
gptkbp:usedIn | web applications |
gptkbp:verifiedBy | gptkb:server |
gptkbp:bfsParent | gptkb:Cross-site_Request_Forgery |
gptkbp:bfsLayer | 5 |