diff options
author | vjeantet <valere.jeantet@gmail.com> | 2020-09-25 10:36:57 +0300 |
---|---|---|
committer | vjeantet <valere.jeantet@gmail.com> | 2020-09-25 10:36:57 +0300 |
commit | a97ab9a9a71d02dd6a04ca04b4a0bdff611e84c7 (patch) | |
tree | c8e6227473d1bf468c999ca851526bfad4de8d09 /exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md | |
parent | 025b2c65c6af04530fd5dcb8157a59f8257897b1 (diff) |
Page can be ignored by embeded search engine with page param "ignoresearch"
Diffstat (limited to 'exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md')
-rw-r--r-- | exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md b/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md index c0c4512..b84d687 100644 --- a/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md +++ b/exampleSite/content/checklist/webappsec/04_authz_AuthorizationRelatedWebVulnerabilities.md @@ -1,5 +1,6 @@ --- hidden: true +ignoresearch: true --- #### Cross Site Request Forgery Applications must protect all state-changing actions against cross-site request forgery (XSRF). In this attack, a malicious user forces the victim to send a request to the application, for example by luring the user to a page under the attacker's control. Because the browser automatically attaches available authentication cookies, the request will appear to be authorized if the user is logged in to the application. |