US 12,216,763 B2
Detecting and protecting against inconsistent use of cross-site request forgery mitigation features
Safwan Mahmud Khan, Woodinville, WA (US)
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed by MICROSOFT TECHNOLOGY LICENSING, LLC, Redmond, WA (US)
Filed on Oct. 27, 2021, as Appl. No. 17/512,563.
Prior Publication US 2023/0129631 A1, Apr. 27, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 8/75 (2018.01); G06F 21/57 (2013.01); H04L 67/02 (2022.01)
CPC G06F 21/575 (2013.01) [G06F 8/75 (2013.01); H04L 67/02 (2013.01); G06F 2221/033 (2013.01); G06F 2221/2119 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method for detecting cross-site request forgery vulnerabilities, comprising:
receiving a source code of a web application;
opening the source code;
identifying a framework by searching for an indication of the framework in the opened source code; and
generating an indication of a cross-site request forgery vulnerability within the source code based on a determination that:
a feature of the framework is incorrectly applied to an invocation of a function within the source code, wherein the feature causes an anti-forgery token to be generated when the function is executed, and wherein the feature causes the anti-forgery token to be included in a cookie when the function is executed.
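The claim describes a source-level check: find an indication of the web framework in the code, then flag places where that framework's anti-forgery feature (the one that mints the token and stores it in a cookie) is applied inconsistently to request handlers. The following Python scanner is an added illustration of that general approach, written for this page; it is not the patent's implementation and does not reproduce any of its figures or embodiments. It uses ASP.NET Core names as a concrete stand-in (`using Microsoft.AspNetCore.Mvc` as the framework indication, `GetAndStoreTokens` as the call that generates the token and sets the cookie, `[ValidateAntiForgeryToken]`, `[AutoValidateAntiforgeryToken]` and `[IgnoreAntiforgeryToken]` as the mitigation attributes). The framework indicator table, the two finding kinds, and the sample controller are all constructed assumptions for the example.

```python
"""Illustrative static check for inconsistent CSRF-mitigation use (example code,
not the patent's method). Scans C# controller source with regular expressions."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Hypothetical indicator table: a substring whose presence marks the framework.
FRAMEWORK_INDICATORS = {
    "aspnetcore-mvc": "using Microsoft.AspNetCore.Mvc",
    "aspnet-mvc5": "using System.Web.Mvc",
}

# ASP.NET attribute names used as a concrete stand-in for "the feature".
STATE_CHANGING = {"HttpPost", "HttpPut", "HttpDelete", "HttpPatch"}
VALIDATE = {"ValidateAntiForgeryToken", "AutoValidateAntiforgeryToken"}
IGNORE = {"IgnoreAntiforgeryToken"}
TOKEN_GENERATOR = "GetAndStoreTokens"  # generates the token pair and sets the cookie

ATTR_RE = re.compile(r"\[\s*(\w+)")
CLASS_RE = re.compile(r"((?:\s*\[[^\]]*\]\s*)*)\s*public\s+class\s+\w+")
# A run of attributes immediately followed by a public method declaration.
METHOD_RE = re.compile(
    r"((?:\s*\[[^\]]*\]\s*)+)\s*public\s+(?:async\s+)?[\w<>]+\s+(\w+)\s*\(")

# Constructed sample controller (not taken from the patent or any real project).
SAMPLE_SOURCE = r"""
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Antiforgery;

public class AccountController : Controller
{
    private readonly IAntiforgery _antiforgery;

    [HttpGet]
    public IActionResult Edit()
    {
        var tokens = _antiforgery.GetAndStoreTokens(HttpContext);  // token + cookie
        return View(tokens);
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Edit(ProfileModel m) { return RedirectToAction("Index"); }

    [HttpPost]
    public IActionResult Delete(int id) { return RedirectToAction("Index"); }

    [HttpPost]
    [ValidateAntiForgeryToken]
    [IgnoreAntiforgeryToken]
    public IActionResult Transfer(TransferModel m) { return Ok(); }
}
"""


@dataclass(frozen=True)
class Finding:
    action: str
    kind: str  # "missing-validation" or "conflicting-attributes"


def identify_framework(source: str) -> Optional[str]:
    """Return the framework name whose indicator appears in the source, else None."""
    for name, marker in FRAMEWORK_INDICATORS.items():
        if marker in source:
            return name
    return None


def scan(source: str) -> List[Finding]:
    """Flag state-changing actions whose anti-forgery handling is inconsistent."""
    if identify_framework(source) is None:
        return []  # unknown framework: its anti-forgery feature cannot be reasoned about

    # Controller-level [AutoValidateAntiforgeryToken] covers every action in the class.
    class_match = CLASS_RE.search(source)
    class_attrs = set(ATTR_RE.findall(class_match.group(1))) if class_match else set()
    class_validates = bool(class_attrs & VALIDATE)

    # The file relies on the token/cookie scheme if it generates tokens anywhere;
    # an unvalidated POST in the same file is then an inconsistent use.
    generates_token = TOKEN_GENERATOR in source

    findings: List[Finding] = []
    for m in METHOD_RE.finditer(source):
        attrs = set(ATTR_RE.findall(m.group(1)))
        action = m.group(2)
        if not attrs & STATE_CHANGING:
            continue  # GET/HEAD handlers are not CSRF targets
        if attrs & VALIDATE and attrs & IGNORE:
            findings.append(Finding(action, "conflicting-attributes"))
        elif not (attrs & VALIDATE or class_validates or attrs & IGNORE) and generates_token:
            findings.append(Finding(action, "missing-validation"))
    return findings


if __name__ == "__main__":
    print("framework:", identify_framework(SAMPLE_SOURCE))
    for f in scan(SAMPLE_SOURCE):
        print(f"{f.kind}: {f.action}")
```

Running it on the constructed controller reports `Delete` (a POST that skips validation in a file that otherwise issues anti-forgery cookies) and `Transfer` (validation and ignore attributes stacked on one action). Two caveats a practitioner should keep in mind: a global MVC filter registered in startup code would make every per-action attribute unnecessary, so a real scanner must also read the application's filter configuration or it will raise false positives; and a regex over attributes is only a stand-in for walking the framework's real syntax tree, which is what a production tool would do.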