F5 BIG-IP ASM - CSRF Protection
I think the best way to learn about hacking and security is testing attacks and mitigating them. This is the methodology I follow in the Security courses on Networks and Systems I’m teaching these weeks. In addition, I like testing the laboratories before teaching them to students, because there are lots of kinds of attacks and I think the best way to learn how to block them is testing, testing and testing. Today, I’m going to write about how to exploit a CSRF vulnerability and how to mitigate it with a Web Application Firewall (WAF).
If you really want to learn about hacking and security, firstly, you have to deploy a laboratory with lots of technologies, such as IDS, HIDS, WIDS, network firewalls, WAFs and SIEMs; vulnerable servers like WebGoat; and hacking tools such as those which come with the Kali Linux operating system. Secondly, you must have lots of time to read and test, because most of the time you’ll have to learn by yourself. Finally, you should really love security. Today, I’ve used a Kali Linux box with WebGoat as the vulnerable server and an F5 BIG-IP ASM as the WAF.
Figure: WebGoat
The Proof of Concept (PoC) that I have been testing today is a CSRF attack, which is used when a malicious user wants to execute unauthorized commands on behalf of a user that the web application trusts. For instance, firstly, the victim has authenticated into the target website, such as a bank account website or a forum; secondly, the attacker sends a malicious link to fool the victim into clicking it; finally, if the victim clicks the malicious link, unauthorized commands are executed, such as transfers from the bank account or replies in the forum, which happen in the background without the victim noticing. It’s important to highlight that XSS attacks exploit the trust a user has for a particular site, while CSRF attacks exploit the trust a site has in a user’s browser.
Figure: CSRF Attack
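The mitigation a WAF such as BIG-IP ASM applies is the one the paragraph above implies: a state-changing request must prove it came from the site's own page, not just carry the session cookie the browser attaches automatically. The following is an added example (not code from the original post nor from F5) of that check: a synchronizer token bound to the session with an HMAC plus an Origin/Referer check. The server secret, site origin, session id and the two sample requests are constructed for the example.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed values for the example; a real deployment loads these from configuration.
SERVER_SECRET = b"constructed-example-secret"
SITE_ORIGIN = "https://bank.example"


def issue_csrf_token(session_id: str) -> str:
    """Mint a token tied to this session: nonce + HMAC(secret, session:nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def same_origin(url: str) -> bool:
    """Compare scheme and host exactly, so 'https://bank.example.evil' does not pass."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def state_change_allowed(request: dict) -> bool:
    """Policy for POST/PUT/DELETE: the session cookie alone is never enough.

    `request` is a constructed dict with keys method, cookies, headers, form.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is required
    session_id = request["cookies"].get("session")
    if not session_id:
        return False  # not authenticated at all
    origin = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not origin or not same_origin(origin):
        return False  # cross-site: a link from an attacker page fails here
    return verify_csrf_token(session_id, request["form"].get("csrf_token", ""))
```

A forged request from another origin carries the victim's cookie but neither a same-origin header nor a valid token, so both checks reject it independently.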
If you want to know how to test and mitigate a CSRF attack, see the next video:
Regards my friend and remember, keep studying!!