Question

1
Replies
1067
Views
Shyam Ranjan (RANJANS2)
JP Morgan Chase
Shyam Ranjan
JP Morgan Chase
US
RANJANS2 Member since 2007 3 posts
JP Morgan Chase
Posted: April 7, 2017
Last activity: April 11, 2017
Posted: 7 Apr 2017 13:47 EDT
Last activity: 11 Apr 2017 16:40 EDT
Closed

Preventing Request based CSRF attack

All,

I know,we have a way to avoid session based CSRF attack , using the dynamic system settings as mentioned in this url:-

https://pdn.pega.com/configuring-csrf-protection/configuring-csrf-protection

But,i have been challenged with an issue related to request based attack, do not see any option in pega 7.1.9 to configure it.As usual,when raised a support request,they opened an enhancement request-again that will be for future version. Checking to see,if you guys have fixed this on your own.if yes,how?

***Updated by Moderator: Marissa to add SR Exists group tag***

Security Support Case Exists
Moderation Team has archived post, This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.