CSRF Tampering

A CSRF token is a random, unique value Web servers expect during transactions. This unique value, determined by the server, ensures a client request cannot be replayed by an attacker since the value changes with every new request.

It is not uncommon for an attacker to target the CSRF field in Web forms, in an attempt to determine its randomness.
[block:api-header]
{
  "type": "basic",
  "title": "Mitigation"
}
[/block]
If a request contains a CSRF token which has been tampered with, IMMUNIO will detect it and, if configured to do so, will alert with the details on the dashboard.