Additional Considerations When Using ASP.NET MVC Cross-site Request Forgery Prevention

Although cross-site scripting (XSS) attacks get most of the web security press, cross-site request forgery (CSRF) is often much easier for an attacker to exploit. Fortunately, ASP.NET MVC provides helpers to prevent these attacks. Steven Sanderson has an excellent post describing CSRF and how ASP.NET MVC’s AntiForgeryToken helper prevents CSRF. Unfortunately, security measures have a…
