Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How does OWASP tool detects CSRF issue in a website with no form data

 
Sandeep Cm
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I was doing pen-test using OWASP tool on a website and it seems like although an XCRF token was added to the .action ajax call, the tool is detecting that website we built has Cross Site Request Forgery (CSRF) issue. I wanted to understand on how OWASP tool detects these issues? All issues related to CSRF are tested with where the website has form data but my website doesn't have any form data and uses only ajax calls still the tool is detecting issues related to CSRF.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic