diff --git a/cors/README.md b/cors/README.md
new file mode 100644
index 0000000..065a895
--- /dev/null
+++ b/cors/README.md
@@ -0,0 +1,3 @@
+# Related Blog Posts
+
+* [Complete guide to CORS](https://reflectoring.io/complete-guide-to-cors/)
diff --git a/csrf/README.md b/csrf/README.md
new file mode 100644
index 0000000..ea08df1
--- /dev/null
+++ b/csrf/README.md
@@ -0,0 +1,3 @@
+# Related Blog Posts
+
+* [Complete guide to CSRF](https://reflectoring.io/complete-guide-to-csrf/)
diff --git a/csrf/index.js b/csrf/index.js
new file mode 100644
index 0000000..ee5a252
--- /dev/null
+++ b/csrf/index.js
@@ -0,0 +1,28 @@
+const express = require('express');
+const csrf = require('csurf');
+const cookieParser = require('cookie-parser');
+
+var csrfProtection = csrf({ cookie: true });
+var parseForm = express.urlencoded({ extended: false });
+
+var app = express();
+app.set('view engine','ejs')
+
+app.use(cookieParser());
+
+app.get('/transfer', csrfProtection, function (req, res) {
+// pass the csrfToken to the view
+res.render('transfer', { csrfToken: req.csrfToken() });
+});
+
+app.post('/process', parseForm,
+  csrfProtection, function (req, res) {
+  res.send('Transfer Successful!!');
+});
+
+app.listen(3000, (err) => {
+  if (err) console.log(err);
+  console.log('Server listening on 3000');
+  }
+);
+
diff --git a/csrf/package.json b/csrf/package.json
new file mode 100644
index 0000000..7dece65
--- /dev/null
+++ b/csrf/package.json
@@ -0,0 +1,23 @@
+{
+  "name": "csrfapp",
+  "version": "1.0.0",
+  "description": "CSRF mitigation example",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "keywords": [
+    "csrf"
+  ],
+  "author": "Pratik Das",
+  "license": "ISC",
+  "dependencies": {
+    "body-parser": "^1.19.0",
+    "cookie-parser": "^1.4.5",
+    "cookie-session": "^1.4.0",
+    "csurf": "^1.11.0",
+    "ejs": "^3.1.6",
+    "express": "^4.17.1",
+    "pug": "^3.0.2"
+  }
+}
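Review bot: No error-handling middleware follows the csrfProtection routes in csrf/index.js, so a request whose token is missing or stale falls through to Express's default handler, which answers 500 and, outside production, writes the stack trace into the response body; csurf reports this case with `err.code === 'EBADCSRFTOKEN'`, so a four-argument handler placed after the routes can turn it into a plain 403 (see below). The secret cookie is enabled with the bare `csrf({ cookie: true })`; csurf accepts a cookie options object there, so `csrf({ cookie: { httpOnly: true, sameSite: 'strict', secure: true } })` keeps the secret out of script reach and off plain HTTP — `secure` presumes the app is served over TLS, which this demo on port 3000 may not be, so drop that one key if it is not. The listen callback logs the error and then still prints 'Server listening on 3000'; `if (err) { console.error(err); return; }` stops the misleading message. Style: the file mixes `var` and `const` and drops the semicolon on `app.set('view engine','ejs')`.
```javascript
// … unchanged: requires, csrfProtection/parseForm, app setup, /transfer and /process routes …

// Map csurf's token-mismatch error to a 403 instead of the default 500 + stack trace.
app.use((err, req, res, next) => {
  if (err.code !== 'EBADCSRFTOKEN') return next(err);
  res.status(403).send('Invalid or missing CSRF token');
});

// … unchanged: app.listen …
```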
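Review bot: The dependencies block in csrf/package.json declares body-parser, cookie-session and pug, none of which csrf/index.js requires (it loads express, csurf and cookie-parser and renders with ejs), so those three entries only widen the install footprint and the supply-chain surface of the sample. Removing `"body-parser"`, `"cookie-session"` and `"pug"` keeps the manifest aligned with the code; if one of them is meant for a later step, a comment in the README saying so would avoid the question. Separately, the csurf package has since been marked deprecated on npm; if this sample is still maintained, the csrf/README.md is the place to point that out.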
diff --git a/csrf/views/transfer.ejs b/csrf/views/transfer.ejs new file mode 100644 index 0000000..dc53183 --- /dev/null +++ b/csrf/views/transfer.ejs @@ -0,0 +1,23 @@ + + + CSRF Token Demo + + +
+ +
+ +
+
+
+ +
+
+
+ +
+
+ + + +