Statements (21)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security_mechanism |
| gptkbp:associatedWith | user session |
| gptkbp:canBe | sent as HTTP headers; stored in cookies; stored in hidden form fields |
| gptkbp:generation | gptkb:server |
| gptkbp:mitigatedBy | gptkb:CSRF_attacks |
| gptkbp:notVisibleTo | third-party sites |
| gptkbp:recommendation | gptkb:OWASP |
| gptkbp:sentBy | HTTP requests |
| gptkbp:shouldBe | unpredictable; unique per session; validated on server side |
| gptkbp:shouldNotBe | guessable |
| gptkbp:type | gptkb:utility_token |
| gptkbp:usedFor | preventing Cross-Site Request Forgery |
| gptkbp:usedIn | web applications |
| gptkbp:verifiedBy | gptkb:server |
| gptkbp:bfsParent | gptkb:CSRF_attacks |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | CSRF tokens |