WEB-CSRF-01 & WEB-CONFIG-01
CSRF and Misconfiguration
CMU540: Cyber Security - Session 6
Birmingham Newman University
Lecturer: James Williams
Understanding CSRF vulnerabilities and secure design principles
3-hour session • 30 slides • 2 interactive tasks
Session Timeline:
10 min: Registration & waiting
20 min: Opening slides
45 min: Task 1
15 min: Break/Catch up
20 min: Secondary slides
45 min: Task 2
Remaining: Self-study
Learning Objectives
Understand OWASP A04: CSRF and A05: Misconfiguration
Identify CSRF attack vectors and prevention methods
Learn secure design principles and configuration management
Practice vulnerability discovery using OS³ Studio
Implement secure CSRF protection and configuration
Explore career opportunities in security architecture
OWASP A04: CSRF & A05: Misconfiguration
CSRF: Cross-Site Request Forgery forces users to perform unwanted actions
Misconfiguration: Security misconfigurations expose applications to attacks
Key Areas:
CSRF token validation
Secure design principles
Configuration management
Default credentials and settings
CSRF Attack Scenario
Attack Flow:
<!-- VULNERABLE: No CSRF protection -->
<form action="/transfer" method="POST">
<input name="amount" value="1000">
<input name="to" value="attacker-account">
<input type="submit" value="Transfer">
</form>
<!-- Malicious site -->
<img src="https://bank.com/transfer?amount=1000&to=attacker">
Impact: Unauthorized actions performed on behalf of authenticated users
CSRF Prevention Methods
1. CSRF Tokens
<!-- SECURE: CSRF token implementation -->
SameSite Cookie Protection
Implementation:
<!-- SECURE: SameSite cookie -->
Benefit: Prevents cookies from being sent with cross-site requests
Common Security Misconfigurations
1. Default Credentials
<!-- VULNERABLE: Default credentials -->
2. Debug Mode Enabled
<!-- VULNERABLE: Debug mode in production -->
Directory Traversal Vulnerabilities
Attack Example:
<!-- VULNERABLE: Directory traversal -->
<img src="<?php echo $_GET['file']; ?>">
<!-- Malicious request -->
GET /image.php?file=../../../etc/passwd
<!-- SECURE: Path validation -->
$file = basename($_GET['file']);
$path = '/safe/directory/' . $file;
Impact: Unauthorized access to sensitive files
Information Disclosure
Common Sources:
<!-- VULNERABLE: Error messages -->
Career Opportunities in Security Architecture
Security Architecture Roles:
Security Architect: £60,000 - £120,000Security Consultant: £50,000 - £100,000DevSecOps Engineer: £45,000 - £90,000Security Engineer: £40,000 - £80,000Penetration Tester: £35,000 - £70,000
Skills Needed: Security architecture, Risk assessment, Compliance, System design
OS³ Newman Cyber Security Lab
WEB-CSRF-01 & WEB-CONFIG-01 Lab Environment
Our OS³ Studio provides hands-on experience with:
Vulnerable applications with CSRF flaws
Misconfigured systems and applications
Secure implementation challenges
Configuration management best practices
Access: Available through university portal
Practical Examples
Watch: CSRF and Misconfiguration Explained
VIDEO
Understanding CSRF attacks and security misconfigurations
Case Study: GitHub CSRF Attack
2018 GitHub CSRF Vulnerability
Impact: Unauthorized repository accessMethod: CSRF attack on GitHub's invitation systemCause: Missing CSRF protection on invitation endpointsFix: Implemented CSRF tokens and SameSite cookies
Lesson: Even major platforms can have CSRF vulnerabilities
Summary: Common CSRF and Misconfiguration Issues
Key Vulnerabilities to Look For:
Missing CSRF protection
Default credentials and settings
Debug mode enabled in production
Directory traversal vulnerabilities
Information disclosure in errors
Insecure cookie settings
Missing security headers
Task 1: CSRF and Misconfiguration Discovery
Objective:
Use OS³ Studio to identify CSRF vulnerabilities and security misconfigurations in the lab environment.
Instructions:
Access the OS³ Studio vulnerable application
Test for CSRF vulnerabilities in forms
Look for default credentials
Check for debug mode and error disclosure
Test for directory traversal vulnerabilities
Examine cookie security settings
Document all findings with proof of concept
Prepare a vulnerability assessment report
Time: 45 minutes
Focus on systematic testing and thorough documentation
Break Time
15 Minutes
Take a break, ask questions, or catch up on the previous task.
Next: Secure implementation and Task 2
Secure CSRF Protection
1. Double Submit Cookie Pattern
<!-- SECURE: Double submit cookie -->
2. Origin Header Validation
<!-- SECURE: Origin validation -->
Secure Configuration Management
1. Environment-Based Configuration
<!-- SECURE: Environment configuration -->
2. Security Headers
<!-- SECURE: Security headers -->
Input Validation and Sanitization
1. Path Traversal Prevention
<!-- SECURE: Path validation -->
2. Error Handling
<!-- SECURE: Generic error handling -->
Authentication and Authorization
1. Strong Password Policy
<!-- SECURE: Password validation -->
2. Session Security
<!-- SECURE: Session configuration -->
Monitoring and Logging
1. Security Event Logging
<!-- SECURE: Security logging -->
2. Anomaly Detection
Monitor failed login attempts
Track unusual access patterns
Alert on privilege escalation attempts
Monitor for suspicious file access
Compliance and Standards
1. Security Frameworks
OWASP Top 10: Web application security risksNIST Cybersecurity Framework: Risk managementISO 27001: Information security managementPCI DSS: Payment card industry standards
2. Best Practices
Implement defense in depth
Regular security assessments
Automated security testing
Incident response planning
Career Development in Security Architecture
Next Steps:
Advanced Certifications: CISSP, CISM, CISASpecialized Training: Security architecture, Risk managementHands-on Practice: Security assessments, Penetration testingIndustry Networking: Security conferences, meetupsResearch: New attack techniques, Defense methods
Resources: OWASP | NIST | ISO
Task 2: Secure CSRF Protection and Configuration
Objective:
Use OS³ Studio to implement secure CSRF protection and fix configuration issues found in Task 1.
Instructions:
Access the OS³ Studio secure implementation environment
Implement CSRF token protection
Configure secure cookie settings
Remove default credentials and debug mode
Implement proper input validation
Add security headers
Test the secure implementation
Document the security improvements
Time: 45 minutes
Focus on implementing industry-standard security practices
Further Activity: Code Inspection
Advanced Students - Code Analysis:
For students with additional time, explore the source code to understand:
How CSRF protection is implemented
Configuration management practices
Error handling and logging mechanisms
Authentication and authorization systems
Security header implementation
Deliverable: Code review report with security recommendations
Session Summary
Key Takeaways:
CSRF attacks exploit user authentication
Security misconfigurations are common vulnerabilities
CSRF tokens and SameSite cookies provide protection
OS³ Studio provides hands-on vulnerability testing
Secure implementation requires multiple layers of protection
Career opportunities in security architecture are growing
Next Steps
Continue Learning:
Complete the OS³ Studio tasks
Explore additional security topics
Practice with security testing tools
Consider industry certifications
Join cybersecurity communities
Course Complete: All CMU540 sessions completed!