Insecure Cross-Site Request Forgery (CSRF) configuration detected.

Rule ID: php_symfony_csrf_protection_disabled
Languages: php
Source: csrf_protection_disabled.yml

Description

Disabling Cross-Site Request Forgery (CSRF) protection allows attackers to trick clients into making unintentional requests to your application.

Remediations

❌ Don't disable CRSF protection

Resources

Symfony CSRF guide

Associated CWE

CWE-352: Cross-Site Request Forgery (CSRF)

OWASP Top 10

A01:2021 - Broken Access Control

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=php_symfony_csrf_protection_disabled

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=php_symfony_csrf_protection_disabled

Ready to take the next step? Learn more about Bearer Cloud.