ASM uses TS cookies as well against CSRF

Question

I understoof ASM injecting a token in fields on static HTML POST forms or cliende side scripts to protect against CSRF.&nbsp;
But i read somewhere that it uses as well the main TS cookie, how does it work exactly?
An attacker can just replay the TS cookie...&nbsp;

boneyard · Answer

sources?&nbsp;

samstep · Answer

Yes, the ASM is indeed using a TS cookie to store the random token. 
This is described in Solution SOL11903:&nbsp;
https://support.f5.com/kb/en-us/solutions/public/11000/900/sol11903.html&nbsp;
This is a so-called Double-Submit Cookie Protection.
It works because the attackers cannot read or modify the cookie value "cross-site" due to Same-Origin-Policy of browsers. Sure the attacker can replay cookies from the previous request, but it won't match the token in the next request.&nbsp;
OWASP CSRF Prevention Cheatsheet is a good resource for CSRF information, it describes Double-Submit Cookies among other protections, link here:&nbsp;
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet&nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

Forum Discussion

ASM uses TS cookies as well against CSRF

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Cookie Tampering Protection using F5 Distributed Cloud Platform

Cookie-based DDoS protection

Client Auth Using HTTP Cookie

2. SYN Cookie: Operation

1. SYN Cookie: Intro

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS