LAB 325 – Defending TypeScript Applications Against CSRF

Course Overview


Cross-Site Request Forgery (CSRF) is a type of cyber-attack where a web application executes a sensitive action without verifying that the request came from within the application. This can allow an attacker to deceive a legitimate user into performing a dangerous action within the application, such as by clicking on a malicious hyperlink in a spam email or visiting a site controlled by the attacker.

To prevent CSRF attacks, web developers should include and validate anti-CSRF tokens in the code of web applications that handle sensitive functions, like user management or business logic. While many frameworks include anti-CSRF tokens by default, it is essential to ensure they are present in all application code dealing with potentially risky functionality.
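A sketch of the token check described above, as an added example that is not code from the lab or its vulnerable application. It assumes a Node.js runtime, a session-bound HMAC token design, and hypothetical names (`issueCsrfToken`, `verifyCsrfToken`, `allowRequest`, `SERVER_KEY`).

```typescript
import { createHmac, randomBytes, timingSafeEqual } from "crypto";

// Assumption: a real deployment loads this key from server-side secret storage
// so that it survives restarts and is shared across instances.
const SERVER_KEY: Buffer = randomBytes(32);

// Assumption: safe methods (GET, HEAD, OPTIONS) never change state in this app.
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// MAC over the session ID and nonce; the length prefix keeps the two fields unambiguous.
function sign(sessionId: string, nonce: string): Buffer {
  return createHmac("sha256", SERVER_KEY)
    .update(`${sessionId.length}!${sessionId}!${nonce}`)
    .digest();
}

// Issue a token bound to the caller's session; the server embeds it in a
// hidden form field or the client sends it back in a custom request header.
function issueCsrfToken(sessionId: string): string {
  const nonce = randomBytes(16).toString("hex");
  return `${nonce}.${sign(sessionId, nonce).toString("hex")}`;
}

// Validate a submitted token against the session the request arrived on.
function verifyCsrfToken(sessionId: string, token: string | undefined): boolean {
  if (!token) return false;
  const dot = token.indexOf(".");
  if (dot < 0) return false;
  const nonce = token.slice(0, dot);
  const supplied = Buffer.from(token.slice(dot + 1), "hex");
  const expected = sign(sessionId, nonce);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return supplied.length === expected.length && timingSafeEqual(supplied, expected);
}

// Gate for request handlers: every state-changing request must carry a valid token.
function allowRequest(method: string, sessionId: string, token?: string): boolean {
  if (!STATE_CHANGING.has(method.toUpperCase())) return true;
  return verifyCsrfToken(sessionId, token);
}
```

Because the token is bound to the session ID, a token issued to one session is rejected when replayed on another.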

This Defending TypeScript Skill Lab offers a virtual environment containing a vulnerable application, allowing developers to practice identifying and addressing Cross-Site Request Forgery (CSRF) vulnerabilities. Learners will gain hands-on experience testing for CSRF vulnerabilities and implementing appropriate mitigations, such as using anti-CSRF tokens when handling requests that perform sensitive or dangerous functionality.

Course Details

Course Number: LAB 325
Course Duration: 5 minutes
Course CPE Credits: .25

NICE Specialty Areas

Available Languages

  • English