I understand how CSRF works, why it works & how to mitigate it. Now, I have a web application and it's vulnerable to CSRF. I want to know if someone has successfully made a CSRF attack on my web app. Is there a way to log it if there's CSRF?

Thanks, Suzee

suzee

1 Answer

As long as your app is not secure itself, there is no better chance than going through the logs and seeing if there were requests with a referrer from an unknown site/a site that does not make much sense. But this only works when all the request headers are logged.

Once your app is secure, somewhere there will be code like this:

if is_csrf_attack
  log_csrf_attack
else
  go_on
end

Edit: With "not making much sense" I meant that you should look for URLs in referrer headers that should not send requests to your site -> it does not make much sense for these sites to call your API/URLs.

Marten
  • Exact response I've been looking for. Thanks very much. But I wonder why you said it doesn't make much sense – suzee Sep 26 '12 at 10:47
  • I answered your question in an edit. I should have probably used a comment but I am still new to SO. Check mark would be appreciated ;) – Marten Sep 27 '12 at 14:12
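
The log review described in the answer, as an added example that is not part of the original post: it scans access-log lines for state-changing requests whose Referer is not one of the application's own hosts. Assumptions: the log is in Apache/nginx "combined" format with the Referer recorded, the hostnames in `OWN_HOSTS` are hypothetical, and the application changes state only on non-GET methods.

```ruby
require 'uri'

# Assumption: the application's own hostnames (hypothetical values).
OWN_HOSTS = %w[app.example.com www.example.com].freeze
STATE_CHANGING = %w[POST PUT PATCH DELETE].freeze

# "combined" log format: the Referer is the first quoted field after the response size.
COMBINED = /\A(?<ip>\S+) \S+ \S+ \[(?<time>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ "(?<referer>[^"]*)"/

# Classify one Referer value as :same_site, :cross_site or :missing.
def classify_referer(referer)
  return :missing if referer.nil? || referer.empty? || referer == '-'
  host = URI.parse(referer).host
  return :cross_site if host.nil?
  # Exact host match: a substring test would accept app.example.com.other.example.
  OWN_HOSTS.include?(host.downcase) ? :same_site : :cross_site
rescue URI::InvalidURIError
  :cross_site # an unparseable Referer on a state-changing request deserves a look
end

# Return state-changing requests whose Referer is foreign or absent.
# :missing is inconclusive (browsers and proxies can strip the header).
def suspicious_requests(lines)
  lines.filter_map do |line|
    m = COMBINED.match(line)
    next unless m && STATE_CHANGING.include?(m[:method])
    verdict = classify_referer(m[:referer])
    next if verdict == :same_site
    { ip: m[:ip], time: m[:time], method: m[:method], path: m[:path],
      status: m[:status].to_i, referer: m[:referer], verdict: verdict }
  end
end

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = <<~LOG.lines(chomp: true)
  198.51.100.4 - - [26/Sep/2012:10:40:01 +0000] "POST /account/email HTTP/1.1" 302 0 "https://app.example.com/account" "Mozilla/5.0"
  198.51.100.9 - - [26/Sep/2012:10:41:12 +0000] "GET /pricing HTTP/1.1" 200 5120 "https://search.example.org/?q=app" "Mozilla/5.0"
  203.0.113.7 - - [26/Sep/2012:10:42:30 +0000] "POST /account/email HTTP/1.1" 302 0 "http://forum.example.net/thread/42" "Mozilla/5.0"
  203.0.113.8 - - [26/Sep/2012:10:43:05 +0000] "POST /transfer HTTP/1.1" 200 87 "https://app.example.com.other.example/x" "Mozilla/5.0"
  203.0.113.9 - - [26/Sep/2012:10:44:44 +0000] "POST /account/password HTTP/1.1" 302 0 "-" "Mozilla/5.0"
LOG

suspicious_requests(SAMPLE_LOG).each { |hit| puts hit }
```

A hit is a lead for manual review, not proof: the status code and the affected account's later activity are what show whether the request took effect.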