Thursday, March 9, 2023

What is CSRF? How is CSRF Protection enabled in AEM?

 What is CSRF?

  1. The victim is authenticated in the target web application (e.g.,
  2. The attacker uses social engineering to trick the victim into visiting a malicious website (e.g.,
  3. The malicious web page includes code that causes the victim’s browser to send an implicit request to the target (
  4. The malicious request causes the target to perform state change actions that the user did not intend.

How CSRF Protection Enabled in AEM?

Valid Scenario:

Malicious Attack:

Granite jQuery or Granite CSRF standalone library:

CSRF Token Servlet:

CSRF Filter:

HMAC Key Sync:

Dispatcher Configuration:


No comments:

Post a Comment