About GET A DEMO

Backslash Vulnerability Database

Using Referer Field for Authentication

Using Referer Field for Authentication

CWE-293

Short description

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

Best practices to prevent this CWE

Phase: Architecture and Design

In order to usefully check if a given action is authorized, some means of strong authentication and method protection must be used. Use other means of authorization that cannot be simply spoofed. Possibilities include a username/password or certificate.

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

© 2023 Backslash. 28 HaArba'a St., Tel-Aviv Privacy Policy | Terms of Use