As of this posting CSRF (Cross Site Request Forgery) stands as fifth top most threat for web applications. For information on what CSRF is, read on http://www.owasp.org/index.php/Top_10_2007-A5
1. A good protection against this attack is to re-authenticate (like transaction password) or better use two-factor authentication for critical transactions like fund transfer. Taking the CSRF vulnerability from Hacme Casino a good solution would be ask for transaction password as shown in the screenshot below -
2. Another solution is to implement one time nonces. For more information refer the link mentioned above.
Myth: Having ViewState enabled in a .Net web app would prevent against CSRF attacks.
Fact: Having ViewStateUserKey set and set to something that is distinct to each user like "ViewStateUserKey = Session.SessionID" will save you against CSRF attacks.