CSRF test by removing the CSRF token
Assesses whether the application is vulnerable by removing the CSRF token from a request and checking whether the action is still accepted, which would allow unauthorized actions to be performed.
Broken User Authentication (BUA)
How this template works
APIs Selection
The template uses API selection filters to specify the criteria for selecting the API requests to be executed. It selects requests whose response code is between 200 and 300, or whose request headers, payload, or query parameters contain the keyword "csrf", and extracts the matching parameter name as "csrf_key" for later use.
Execute request
The template defines a single execution type in which it sends a modified copy of the request to the API. The modification deletes the CSRF token from the request headers, body parameters, and query parameters, using the "csrf_key" extracted by the API selection filters.
Validation
After executing the request, the template validates the response received. It checks that the response code is between 200 and 300. It also validates the response payload by ensuring that it has a percentage match greater than 80% with the original response and a non-zero length; a request that is still accepted without its token indicates that the CSRF check is not enforced.
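The three steps above (select a request carrying a CSRF parameter, resend it with the token removed, judge the response), as an added Python example that is not part of the Akto template itself. The request format, the sample API stand-ins and the use of difflib's similarity ratio in place of Akto's percentage_match are assumptions of this example.

```python
import difflib
import re

CSRF_NAME = re.compile(r"csrf", re.IGNORECASE)

def find_csrf_key(request):
    """API selection: first header, body or query parameter whose name contains 'csrf', else None."""
    for section in ("headers", "body", "query"):
        for name in request[section]:
            if CSRF_NAME.search(name):
                return name
    return None

def strip_csrf(request, csrf_key):
    """Execute step: copy of the request with csrf_key removed from headers, body and query."""
    return {section: {k: v for k, v in params.items() if k != csrf_key}
            for section, params in request.items()}

def looks_accepted(baseline, mutated):
    """Validation: 2xx status, non-empty body, body >80% similar to the baseline response."""
    # difflib's ratio stands in for Akto's percentage_match (assumption of this example).
    similarity = difflib.SequenceMatcher(None, baseline["body"], mutated["body"]).ratio()
    return 200 <= mutated["status"] < 300 and mutated["body"] != "" and similarity > 0.80

def run_remove_csrf_test(request, send):
    """True if the API accepted the tokenless request, False if it refused, None if not selected."""
    baseline = send(request)
    csrf_key = find_csrf_key(request)
    if csrf_key is None or not 200 <= baseline["status"] < 300:
        return None
    return looks_accepted(baseline, send(strip_csrf(request, csrf_key)))

# Constructed sample request: a profile update that carries its token in a header.
SAMPLE_REQUEST = {
    "headers": {"Content-Type": "application/json", "X-CSRF-Token": "tok-constructed"},
    "body": {"email": "new@example.com"},
    "query": {},
}

# Constructed stand-ins for the API under test (not a real service).
def vulnerable_api(request):
    """Ignores the token entirely, so the mutated request is served like the original."""
    return {"status": 200, "body": '{"result":"ok","email":"new@example.com"}'}

def hardened_api(request):
    """Refuses any state-changing request whose token is missing or wrong."""
    if request["headers"].get("X-CSRF-Token") != "tok-constructed":
        return {"status": 403, "body": '{"error":"csrf token missing"}'}
    return {"status": 200, "body": '{"result":"ok","email":"new@example.com"}'}
```

Running run_remove_csrf_test(SAMPLE_REQUEST, vulnerable_api) returns True (the test fires), while the same call against hardened_api returns False because the 403 fails the 2xx check.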
Frequently asked questions
What is the purpose of the "REMOVE_CSRF" test in this array?
What are the potential consequences of successful execution of unauthorized actions due to the absence of the CSRF token?
What is the category and severity level assigned to the "REMOVE_CSRF" test?
What are the selection filters used to identify relevant API requests for the "REMOVE_CSRF" test?
What actions are performed in the "execute" section of the test?
What validation criteria are used to determine the success of the test?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."

Security team,
Rippling