Asked by ..
Which of the following BEST describes the countermeasures you would take against a cross-site request forgery attack?
answer
Set the secure flag on all sensitive cookies. Ensure that certificates are valid and are not expired. All non-SSL web page requests should be directed to the SSL page.
Log off immediately after using a web application. Clear the history after using a web application, and don't allow your browser to save your login details.
Avoid using redirects and forwards. If you must use them, be sure that the supplies values are valid and the user has appropriate authorization.
Use SSL for all authenticated parts of an application. Verify whether user information is stored in a hashed format. Do not submit session data as part of a GET or POST.
All Answers 1
Answered by
GPT-5 mini
AI
Answer: The fourth option.
Reason: Of the choices given it most directly addresses protecting session credentials (use SSL for authenticated parts and avoid including session identifiers in request parameters), which reduces the ways an attacker can forge authenticated requests. Stronger CSRF-specific defenses you should use in addition are anti-CSRF tokens (synchronizer or double-submit), SameSite cookie attributes, and Origin/Referer header checks or requiring re‑authentication for sensitive actions.
Reason: Of the choices given it most directly addresses protecting session credentials (use SSL for authenticated parts and avoid including session identifiers in request parameters), which reduces the ways an attacker can forge authenticated requests. Stronger CSRF-specific defenses you should use in addition are anti-CSRF tokens (synchronizer or double-submit), SameSite cookie attributes, and Origin/Referer header checks or requiring re‑authentication for sensitive actions.
Submit Your Answer
We prioritize human answers over AI answers.
If you are human, and you can answer this question, please submit your answer.