Lucy-Family-Institute / presqt

Tools and RESTful Services to Improve Preservation and Re-use of Research Data & Software.
Apache License 2.0

No anti-CSRF token for some URIs #691

Open reclans opened 3 years ago

reclans commented 3 years ago

ZAP has observed that no anti-CSRF (Cross Site Request Forgery) token is issued by the target system for some URIs. This is a significant risk, since it means an end-user could unknowingly have their account carry out activities on behalf of an attacker. The use of anti-CSRF tokens, e.g. those provided by web frameworks like Django, is an effective way to prevent this.

ZAP scan report https://baldin.crc.nd.edu/CRC-Restricted/ScanResults/PresQT/2020/PresQT_QA_ZAP_Scan.html

CRC best practices https://sites.google.com/nd.edu/cbp/home

You may need to be on campus or on the VPN to access these links.
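For reference, here is a self-contained illustration of the two halves of this finding: how a session-bound anti-CSRF token is issued and verified on state-changing requests (a synchronizer-token pattern in the spirit of Django's `csrfmiddlewaretoken`, written from scratch here), and a small form audit that flags the condition ZAP reports, a `POST` form with no hidden token field. This is an added example, not code from presqt or from Django; `SERVER_SECRET`, `handle_request`, the session ids and the sample HTML are all constructed for the demonstration.

```python
import hmac
import hashlib
import secrets
from html.parser import HTMLParser
from typing import Dict, List, Optional, Tuple

# Constructed secret for the example; a real deployment loads it from configuration.
SERVER_SECRET = b"example-server-secret-do-not-reuse"

# Methods that must not change server state and therefore need no token (RFC 7231 "safe" methods).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

# Hidden-field names the audit recognises as anti-CSRF tokens (Django's default plus a generic one).
TOKEN_FIELD_NAMES = {"csrfmiddlewaretoken", "csrf_token"}


def issue_csrf_token(session_id: str) -> str:
    """Issue a token bound to one session: random nonce + HMAC(secret, session_id:nonce).

    Binding the MAC to the session id means a token leaked from or issued to another
    session cannot be replayed against this one.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for the presented nonce and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, presented_mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented_mac)


def handle_request(method: str, session_id: str,
                   form: Dict[str, str], headers: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical view: every non-safe request must carry a valid token.

    The token is accepted from the form body or from an X-CSRFToken header (the header
    name Django uses by default for AJAX callers); a cross-site forged request can set neither.
    """
    if method.upper() in SAFE_METHODS:
        return 200, "ok"
    token = form.get("csrf_token") or headers.get("X-CSRFToken")
    if not verify_csrf_token(session_id, token):
        return 403, "CSRF verification failed"
    return 200, "action performed"


class _FormAudit(HTMLParser):
    """Collect (action, method, has_token) for every <form> in a page."""

    def __init__(self) -> None:
        super().__init__()
        self.forms: List[Tuple[str, str, bool]] = []
        self._current: Optional[list] = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = [a.get("action", ""), (a.get("method") or "get").upper(), False]
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "hidden" and a.get("name") in TOKEN_FIELD_NAMES:
                self._current[2] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(tuple(self._current))
            self._current = None


def forms_missing_csrf_token(html: str) -> List[str]:
    """Return the action URIs of POST forms that carry no recognised anti-CSRF hidden field.

    This is the same condition the scanner reports: a state-changing form with no token.
    """
    parser = _FormAudit()
    parser.feed(html)
    parser.close()
    return [action for action, method, has_token in parser.forms
            if method == "POST" and not has_token]


# Constructed sample page: one protected POST form, one unprotected POST form, one GET form.
SAMPLE_HTML = """
<form action="/profile/update" method="post">
  <input type="hidden" name="csrfmiddlewaretoken" value="constructed-token-value">
  <input type="text" name="display_name">
</form>
<form action="/account/delete" method="POST">
  <input type="submit" value="Delete">
</form>
<form action="/search" method="get">
  <input type="text" name="q">
</form>
"""

if __name__ == "__main__":
    tok = issue_csrf_token("sess-A")
    print("legit POST:", handle_request("POST", "sess-A", {"csrf_token": tok}, {}))
    print("forged POST:", handle_request("POST", "sess-A", {}, {}))
    print("unprotected forms:", forms_missing_csrf_token(SAMPLE_HTML))
```

Running the block shows the token issued for `sess-A` being accepted there and rejected for any other session or when absent, and the audit listing only `/account/delete`, the one POST form without a hidden token field. The audit is a heuristic (it only knows the field names in `TOKEN_FIELD_NAMES`, and JSON APIs protected by a header rather than a form field would need a different check), so treat a hit as a prompt to confirm the view actually enforces a token, not as proof on its own.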