OWASP Top Ten Project 2013 No 8 – Cross-Site Request Forgery (CSRF)

To counter CSRF, the defence that has proven most effective is the synchronizer token pattern. In the absence of an attack it works as follows:

  1. Presented with a request from an authorized user, the web application generates a cryptographically strong pseudo-random number and stores it in the user's session. This number is called the synchronizer token.
  2. The synchronizer token is embedded into every part of a response page that can trigger an action with side effects, typically as a hidden form field or as a request parameter of a link. The synchronizer token is neither sent nor stored as a browser cookie: the browser would attach a cookie to a forged request automatically, which is exactly what the token is meant to prevent.
  3. The authorized user triggers one of these requests from the page; the browser submits the embedded token together with the request.
  4. The web application receives the request and validates that the synchronizer token embedded in the request matches the one stored in the user's session. Only then does it perform the requested action; a request with a missing or mismatching token is rejected.

An attacker trying to run a CSRF attack against this web application will now fail: the token appears only in pages served to the victim, which the attacker's site cannot read because of the browser's same-origin policy, and it is too long and random to guess. The web application will therefore reject any forged request.
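The four steps above and the rejection of a forged request, as an added example that is not part of the original page and is not the Intershop CSRF Guard's own code. It is written in Python so it can be run stand-alone; the session object, the session attribute name `csrf_token`, the form field name `synchronizer_token` and the `/transfer` action are assumptions made for the demonstration. The token comes from the operating system's CSPRNG, lives only in the server-side session and the page body (never in a cookie), and is compared in constant time on every state-changing request.

```python
import hmac
import re
import secrets
from dataclasses import dataclass, field
from html import escape

TOKEN_SESSION_KEY = "csrf_token"          # assumed session attribute name
TOKEN_FIELD_NAME = "synchronizer_token"   # assumed hidden form field name


@dataclass
class Session:
    """Stand-in for a server-side session store (constructed for this example)."""
    user: str
    data: dict = field(default_factory=dict)


def get_or_create_token(session: Session) -> str:
    """Step 1: generate one cryptographically strong token per session and keep it server-side."""
    token = session.data.get(TOKEN_SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)   # 256 bits from os.urandom, URL-safe base64
        session.data[TOKEN_SESSION_KEY] = token
    return token


def render_transfer_form(session: Session, action_url: str) -> str:
    """Step 2: embed the token in a form that has side effects.
    It goes into the page body only; no Set-Cookie header is ever produced for it."""
    token = get_or_create_token(session)
    return (
        f'<form method="POST" action="{escape(action_url)}">\n'
        f'  <input type="hidden" name="{TOKEN_FIELD_NAME}" value="{escape(token)}">\n'
        f'  <input type="text" name="amount">\n'
        f'  <button type="submit">Transfer</button>\n'
        f'</form>'
    )


def extract_token_from_page(html: str) -> str:
    """Step 3: the legitimate browser sends back the hidden field exactly as rendered."""
    m = re.search(rf'name="{TOKEN_FIELD_NAME}" value="([^"]+)"', html)
    return m.group(1) if m else ""


def validate_request(session: Session, form_fields: dict) -> bool:
    """Step 4: accept only if the submitted token equals the one in the session."""
    expected = session.data.get(TOKEN_SESSION_KEY)
    submitted = form_fields.get(TOKEN_FIELD_NAME)
    if expected is None or submitted is None:
        return False
    # constant-time comparison so a timing side channel cannot leak the token byte by byte
    return hmac.compare_digest(expected, submitted)


def handle_transfer(session: Session, form_fields: dict) -> str:
    """The state-changing action: runs only after the token check passes."""
    if not validate_request(session, form_fields):
        return "403 Forbidden: missing or invalid synchronizer token"
    return f"200 OK: transferred {form_fields.get('amount')} for {session.user}"


def demo() -> tuple:
    """One legitimate request and two forged ones against the same authenticated session."""
    session = Session(user="alice")
    page = render_transfer_form(session, "/transfer")
    # Legitimate request: the browser submits what the page contained.
    legit = {TOKEN_FIELD_NAME: extract_token_from_page(page), "amount": "10"}
    # Forged requests: the attacker's site rides on the victim's session cookie but
    # cannot read the victim's page, so it can only guess the token or omit it.
    forged_guess = {TOKEN_FIELD_NAME: secrets.token_urlsafe(32), "amount": "1000"}
    forged_missing = {"amount": "1000"}
    return (
        handle_transfer(session, legit),
        handle_transfer(session, forged_guess),
        handle_transfer(session, forged_missing),
    )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The token is created once per session rather than per request, which is what the four steps describe; a stricter per-form token is possible but breaks multi-tab use unless several tokens are kept in the session.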

The Cross-Site Request Forgery Guard (CSRF Guard) is an implementation of the synchronizer token pattern tailored to Intershop applications. It is not to be confused with the identically named OWASP CSRFGuard project.

For additional information about the CSRF Guard, please refer to Overview – Cross-site Request Forgery Guard and its subsequent documents.

Co-Authors: Thomas Bergmann, Nils Breitmann and Intershop Consulting Stuttgart