missing-csrf-protections
missing-csrf-protections
The app is missing the
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A05:2021 - Security Misconfiguration
:protect_from_forgery plug in a pipeline that fetches a session, which attempts to mitigate Cross-Site Request Forgery (CSRF) attacks.Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-352: Cross-Site Request Forgery (CSRF)
OWASP:
- A05:2021 - Security Misconfiguration