validating-csrf-protection

jeremylongshore

Updated Today

26 views

409

Metaaitesting

About

This skill identifies CSRF vulnerabilities in web applications by validating protection mechanisms like synchronizer tokens, SameSite attributes, and origin validation. Use it to analyze your application's security posture against CSRF attacks when prompted to test or check CSRF protection.

Documentation

Overview

This skill empowers Claude to analyze web applications for CSRF vulnerabilities. It assesses the effectiveness of implemented CSRF protection mechanisms, providing insights into potential weaknesses and recommendations for remediation.

How It Works

Analyze Endpoints: The plugin examines application endpoints to identify those lacking CSRF protection.
Assess Protection Mechanisms: It validates the implementation of CSRF protection mechanisms, including token validation, double-submit cookies, SameSite attributes, and origin validation.
Generate Report: A detailed report is generated, highlighting vulnerable endpoints, potential attack scenarios, and recommended fixes.

When to Use This Skill

This skill activates when you need to:

Validate existing CSRF protection measures.
Identify CSRF vulnerabilities in a web application.
Assess the risk associated with unprotected endpoints.
Generate a report outlining CSRF vulnerabilities and recommended fixes.

Examples

Example 1: Identifying Unprotected API Endpoints

User request: "validate csrf"

The skill will:

Analyze the application's API endpoints.
Identify endpoints lacking CSRF protection, such as those handling sensitive data modifications.
Generate a report outlining vulnerable endpoints and potential attack vectors.

Example 2: Checking SameSite Cookie Attributes

User request: "Check for csrf vulnerabilities in my application"

The skill will:

Analyze the application's cookie settings.
Verify that SameSite attributes are properly configured to mitigate CSRF attacks.
Report any cookies lacking the SameSite attribute or using an insecure setting.

Best Practices

Regular Validation: Regularly validate CSRF protection mechanisms as part of the development lifecycle.
Comprehensive Coverage: Ensure all state-changing operations are protected against CSRF attacks.
Secure Configuration: Use secure configurations for CSRF protection mechanisms, such as strong token generation and proper SameSite attribute settings.

Integration

This skill can be used in conjunction with other security plugins to provide a comprehensive security assessment of web applications. For example, it can be combined with a vulnerability scanner to identify other potential vulnerabilities in addition to CSRF weaknesses.

Quick Install

/plugin add https://github.com/jeremylongshore/claude-code-plugins-plus/tree/main/csrf-protection-validator

Copy and paste this command in Claude Code to install this skill

GitHub 仓库

jeremylongshore/claude-code-plugins-plus

Path: backups/skills-migration-20251108-070147/plugins/security/csrf-protection-validator/skills/csrf-protection-validator

aiautomationclaude-codedevopsmarketplacemcp

Related Skills

sglang

llamaguard

Other

LlamaGuard is Meta's 7-8B parameter model for moderating LLM inputs and outputs across six safety categories like violence and hate speech. It offers 94-95% accuracy and can be deployed using vLLM, Hugging Face, or Amazon SageMaker. Use this skill to easily integrate content filtering and safety guardrails into your AI applications.

View skill

evaluating-llms-harness

Testing

This Claude Skill runs the lm-evaluation-harness to benchmark LLMs across 60+ standardized academic tasks like MMLU and GSM8K. It's designed for developers to compare model quality, track training progress, or report academic results. The tool supports various backends including HuggingFace and vLLM models.