In this video Emmanuel Henri demonstrates the best practices for preventing cross-site forgery risks.
- [Instructor] So let's review the best practices to prevent CSRF issues with your application or site. As we've covered quite a bit already, always apply token-based authentication with tools such as JWT libraries like Auth0. If you don't like what Auth0 has to offer, there are other libraries you can take a look at on the jwt.io site. If you don't have any way to protect against CSRF, an attacker can do all kinds of no-goods on your application or website. And all the rules explored in the previous chapter, or even across this course, apply to this case as well.
As we've also mentioned many times in this course, use popular libraries such as React and Angular, which have pre-built tools to mitigate many types of risks, such as CSRF. Angular has a solid HTTP client, if you prefer to use this over Auth0 or JWT. Last but not least, take the time to review the rules at this link to make sure you understand all the risks and have plans in place to prevent them.