Run the application and trigger the CSRF vulnerability.

1. Start the application.

./gradlew clean run

2. Go to localhost:8080 and login as admin with the username/password: admin/admin

3. Open evil.html in a web browser and click the button

4. Log out of the vendor portal, then try to log back in as admin

Recommended: Use Intellij to open and import the application’s build.gradle file. This will sync your gradle system to the IDE.

If you don’t use Intellij, you can sync the gradle system according to your environment tool.

Run the tests in debug to see the failing security test in detail.

./gradlew clean test --debug

Now use your wits to get the first test to pass!

• JDK 1.7+
• A Java IDE

• Spring Security
• OWASP CSRF Prevention Cheat Sheet