GIAC Foundational Cybersecurity Technologies Practice Test


Prepare for the GIAC Foundational Cybersecurity Technologies Test. Utilize flashcards and multiple-choice questions, each with detailed hints and explanations to excel. Boost your readiness for the exam!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!



A web application is configured to validate a unique token value for each submitted user request. What threat is being mitigated?

  1. Local file inclusion

  2. Cross-site request forgery

  3. Drive-by downloads

  4. Command injection

The correct answer is: Cross-site request forgery

Validating a unique token value on each submitted user request mitigates Cross-Site Request Forgery (CSRF). CSRF is a type of attack in which unauthorized commands are transmitted from a user that the web application trusts. Without the unique token validation mechanism, an attacker could exploit the user's authenticated session with that web application to perform actions without the user's consent or knowledge.

By generating and validating unique token values, the application confirms that a request was intentionally initiated by the user and originates from the authorized source. An attacker cannot forge a valid request because they do not have access to the token associated with the legitimate user's session, which makes unique token validation a key defense mechanism against CSRF.