Question

1
Replies
1022
Views
RANJANS2 Member since 2007 3 posts
JP Morgan Chase
Posted: 3 years ago
Last activity: 3 years 6 months ago
Closed

Preventing Request based CSRF attack

All,

I know,we have a way to avoid session based CSRF attack , using the dynamic system settings as mentioned in this url:-

https://pdn.pega.com/configuring-csrf-protection/configuring-csrf-protection

But,i have been challenged with an issue related to request based attack, do not see any option in pega 7.1.9 to configure it.As usual,when raised a support request,they opened an enhancement request-again that will be for future version. Checking to see,if you guys have fixed this on your own.if yes,how?

***Updated by Moderator: Marissa to add SR Exists group tag***

Security SR Exists
Moderation Team has archived post
Share this page LinkedIn