Veracode Scan: Prevent Cross-Site Request Forgery Attack in ASP.Net MVC

Question

Cross site request forgery issue has been reportd by veracode scan on our web api and mvc applicationsThey suggested to generate nonce value and store it in a hidden field to compareKindly advise on implementation

Joey · Accepted Answer

Hi tsakumar81Use the AntiForgeryToken function of the HTML Helper class to prevent Cross site request forgeryHtmlAntiForgeryTokenand decorate the Action Method with ValidateAntiForgeryToken attributeFor more details refer below articlePrevent CrossSite Request Forgery Attack in ASPNet MVC

Veracode Scan: Prevent Cross-Site Request Forgery Attack in ASP.Net MVC

Company

Explore

Follow us

Contact Us