
Protecting OutSystems apps from Cross Site Request Forgery attacks

With Cross Site Request Forgery (CSRF), an attacker makes a victim's browser send requests to your application from another site, and the browser attaches the victim's session cookie to those requests automatically:

  • GET request
    • hidden image
    • bad link
       
  • POST request
    • bad form

A common usage is tricking users and capturing unintended likes in social networking sites.

The following example illustrates how a CSRF attack can trick a user who has not logged out of a vulnerable website into clicking a trap link that executes a script or submits a forged POST request, to which the browser automatically attaches the user's session cookie:

How to do it with OutSystems Platform

To secure your OutSystems apps against CSRF attacks, the following actions are recommended:

Use case: Perform GET requests
Actions:
  • Don't run state-changing actions (database writes, sending emails, payments) in a screen's Preparation. Preparation executes on a plain GET request, so a hidden image or a link on another site can trigger it with the victim's session cookie attached.
  • When designing your REST API, don't use cookies for authentication. Authenticate each request with a token carried in a request header instead: browsers attach cookies to cross-site requests automatically, but a forged image or form cannot add custom headers.

Use case: Perform POST requests

More information

To learn how to protect your OutSystems apps against other common types of attacks, check how OutSystems Platform helps you develop secure applications.