Major security update
Closed this issue · 1 comment
Decode84 commented
"Cross-site request forgery, or CSRF/XSRF, is an attack that relies on the user's privileges by hijacking their session. This strategy allows an attacker to circumvent our security by essentially deceiving the user into submitting a malicious request on behalf of the attacker."
There needs to be a CSRF tag or validation on every POST request, in order to mitigate this attack.
https://www.npmjs.com/package/csurf
https://www.npmjs.com/package/express-rate-limit
https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html
Mitigate security issues.
- XSS
- Rate limits
- Signed session
- Cookie
- CSRF
- Other....