Adding a token for every POST or GET request that is initiated from the browser to the server can be used to mitigate which of the following attacks?

a. Buffer overflow
b. Cross-site request forgery (XSRF)
c. Cross-Site Scripting (XSS)
d. Input validation error



Answer: B

To mitigate cross-site request forgery (XSRF) attacks, the most common solution is to add a token for every POST or GET request that is initiated from the browser to the server. Answer A is incorrect because buffer overflows are associated with input validation. Answer C is incorrect because setting the HttpOnly flag on the session cookie is used to mitigate XSS attacks. Answer D is incorrect because input validation tests whether an application properly handles input from a source outside the application destined for internal processing.

