In our previous posts we discussed XSRF, its types then JSON XSRF and attacking methodology. Following is our last post on XSRF in which we will cover preventive measures against JSON XSRF attacks. Following are preventive measures that can be taken against XSRF attacks.
First of all the application must implement all kinds of basic XSRF attacks.
Always use unpredictable parameter for JSON objects.
As told in previous posts JSON XSRF attacks are possible because application can send XMLHttpRequest to retrieve JSON data it can only retrieve data by using GET method, so its better to implement only POST method as an countermeasure against JSON XSRF.
I hope you enjoyed learning XSRF in our next post we will cover some other topic in detail, if you have any problem understanding anything or just in case you need any revise, please check out Web Application Security Page on this blog. For now we end XSRF here, thanks for reading, have a nice time and keep visiting.