I'm implementing a web app using Angular 7 and .Net Core Web API. I have implemented JWT authentication for my app. With these configurations, I need to know app is vulnerable to CSRF attacks. If it is vulnerable what are the implementations for the vulnerability?
Asked
Active
Viewed 151 times
1
-
1there are different ways to manage CSRF, one is the use of cookies, another one is just by looking into the hosting and blacklisting some IPs – Jack M Aug 01 '19 at 06:29
-
1This is a vast topic to discuss, however [What if JWT stolen](https://stackoverflow.com/questions/34259248/what-if-jwt-is-stolen/56578731#56578731) will give you an insight, when we talk about JWT – yanky_cranky Aug 01 '19 at 06:35
-
Thanks @JackM. According to my application architecture is my application vulnerable to CSRF? – bhathiya.m Aug 01 '19 at 06:49
-
maybe, maybe not depends on your implementation – Jack M Aug 01 '19 at 06:51
-
@JackM I couldn't understand. Cant, we decide vulnerable or not? – bhathiya.m Aug 01 '19 at 07:08
-
1no you can't hypothetically decide, like yanky_cranky said it's a huge topic for discussion refer to the link provided by @yanky_cranky and decide for yourself. Like I said it all depends on the implementation and not the technology – Jack M Aug 01 '19 at 07:29