Which CSRF protection mechanisms does this skill validate?

It validates synchronizer tokens, double-submit cookies, SameSite cookie attributes, and origin/referer header validation.

Can this skill help fix the vulnerabilities it finds?

Yes, it generates a detailed report outlining potential attack scenarios and provides specific remediation recommendations for each vulnerability found.

Does it check cookie security settings?

Yes, it specifically analyzes cookie settings to verify that SameSite attributes are properly configured to mitigate CSRF risks.

How do I trigger a CSRF security check?

You can activate the skill by asking Claude phrases like 'validate csrf', 'check for csrf vulnerabilities', or 'test csrf protection'.

Is this skill suitable for API development?

Absolutely. It is designed to analyze API endpoints, especially those handling sensitive data modifications, to ensure they are protected against cross-site requests.

CSRF Protection Validator

Name: CSRF Protection Validator
Author: jeremylongshore

byjeremylongshore

•

884

•

보안 및 테스팅

Identifies Cross-Site Request Forgery (CSRF) vulnerabilities by validating protection mechanisms like synchronizer tokens and SameSite cookie attributes.

The CSRF Protection Validator empowers Claude to perform automated security audits on web applications to detect potential Cross-Site Request Forgery (CSRF) vulnerabilities. By analyzing application endpoints and assessing the implementation of protection strategies—such as synchronizer tokens, double-submit cookies, and origin validation—the skill identifies critical weaknesses that could lead to unauthorized state-changing actions. It provides developers with actionable reports, highlighting vulnerable endpoints and offering specific remediation recommendations to harden the application's security posture against modern web attacks.

주요 기능

01Validation of synchronizer tokens and double-submit cookie implementations

02884 GitHub stars

03Automated endpoint scanning for missing CSRF protections

04Verification of origin and referer header validation logic

05Detailed remediation reports with actionable security recommendations

06Audit of SameSite cookie attributes for session security

사용 사례

01Verifying application-wide cookie configurations for CSRF mitigation

02Auditing web API endpoints for missing security headers and tokens

03Generating security compliance reports for state-changing request handlers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills csrf-protection-validator

For use in Claude.ai and ChatGPT

Download Skill

주요 기능

01Validation of synchronizer tokens and double-submit cookie implementations

02884 GitHub stars

03Automated endpoint scanning for missing CSRF protections

04Verification of origin and referer header validation logic

05Detailed remediation reports with actionable security recommendations

06Audit of SameSite cookie attributes for session security

사용 사례

01Verifying application-wide cookie configurations for CSRF mitigation

02Auditing web API endpoints for missing security headers and tokens

03Generating security compliance reports for state-changing request handlers

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills csrf-protection-validator

For use in Claude.ai and ChatGPT

Download Skill