security-review-owasp-cross-site-request-forgery-prevention
CommunityCatch CSRF gaps before attackers do
Software Engineering#owasp#security review#csrf#token validation#fetch metadata#same-site cookies#origin checks
Authorsjinks
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps reviewers find cross-site request forgery weaknesses in authenticated workflows before attackers can abuse them to trigger unwanted state changes.
Core Features & Use Cases
- Token and Session Review: Checks synchronizer tokens, double-submit cookie patterns, session binding, and token validation coverage.
- Browser-Signal Validation: Evaluates SameSite cookies, Origin and Referer checks, and Fetch Metadata enforcement for sensitive endpoints.
- API and Client-Side Protection: Reviews AJAX requests, CORS exposure, custom headers, login flows, and client-side request construction for CSRF bypasses.
- Use Case: A reviewer can inspect a checkout flow, admin action, or webhook receiver and determine whether it can be triggered cross-site without trustworthy request-origin proof.
Quick Start
Use the security-review-owasp-cross-site-request-forgery-prevention skill to inspect the selected flow or files and report any confirmed CSRF weaknesses with evidence.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-review-owasp-cross-site-request-forgery-prevention Download link: https://github.com/sjinks/ai-owasp-skillset/archive/main.zip#security-review-owasp-cross-site-request-forgery-prevention Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 537,000+ vetted skills library on demand.