Safeguard
Tag

csrf

Safeguard articles tagged "csrf" — guides, analysis, and best practices for software supply chain and application security.

14 articles

Application Security

Choosing a secure Node.js web framework: Express, Fastify, Koa, and NestJS compared

None of Express, Fastify, Koa, or NestJS enable security headers, CSRF protection, or input validation by default — the defaults you inherit differ more than you'd think.

Jul 14, 20266 min read
Application Security

CSRF in Node.js: attack mechanics and modern mitigation

Express has never shipped CSRF protection in core, and its most popular middleware, csurf, was archived in 2022 — here's what actually replaces it.

Jul 8, 20267 min read
Application Security

A hardening guide to securing Flask applications

Flask ships session cookies with HttpOnly on by default — but Secure, SameSite, CSRF tokens, and every security header are left entirely to you.

Jul 8, 20266 min read
Security Guides

Preventing CSRF and XSS in ASP.NET Core

How CSRF and XSS actually work against ASP.NET Core apps, and the concrete defenses, antiforgery tokens, Razor output encoding, CSP, and SameSite cookies, that shut them down.

Jul 7, 20266 min read
Vulnerability Guides

What is CSRF (Cross-Site Request Forgery)?

CSRF makes a logged-in user's browser perform actions they never intended — changing an email, moving money, granting access — using the victim's own session. Here's how it works and how to stop it.

Jul 7, 20265 min read
Application Security

PHP Laravel security best practices

One line, `protected $guarded = [];`, can turn a Laravel signup form into an admin-account minting machine — here's how to lock down five real Laravel risk areas.

Jul 7, 20266 min read
Security Guides

Cookie Security Best Practices (2026)

Session cookies are the keys to your users' accounts. Here is how to set them so they cannot be stolen, forged, or leaked: the flags, the prefixes, and the parsing pitfalls.

Jul 6, 20266 min read
Vulnerability Analysis

What is Cross-Site Request Forgery (CSRF)

CSRF forges an authenticated request using a victim's own session cookie. Learn how it works, real Gmail/YouTube cases, and how to detect and fix it.

Mar 31, 20267 min read
AI Security

CSRF Modern Forms: Griffin AI vs Mythos

CSRF in 2026 is not the 2012 attack. SameSite cookies, fetch metadata, and modern frameworks changed the landscape. Detection needs to keep up.

Feb 20, 20263 min read
Regulatory Compliance

Django CSRF protection and common session security miscon...

Django's CSRF defaults are solid, but wildcards, exempted webhooks, and reordered middleware quietly undo them. Here's where django csrf misconfiguration actually happens.

Jan 27, 20267 min read
Vulnerability Analysis

Cross-site request forgery (CSRF) explained

CSRF forges authenticated requests using a victim's own session cookies. Learn how real attacks against Netflix and uTorrent worked, and how to stop them.

Dec 13, 20257 min read
Vulnerability Analysis

Harbor CSRF Token Bypass Enabling Session Hijack (CVE-202...

CVE-2022-31663 let attackers bypass Harbor's CSRF protections to hijack authenticated sessions. Here's the impact, affected versions, and how to remediate.

Nov 22, 20257 min read
csrf — Safeguard Blog