abdurrasyid, abdurrasyid and Sitohang, Benhard and Asnar, Yudistira Dwi Wardhana and Saptawati, Gusti Ayu Putri (2024) Securing Cross-Site Request Forgery Vulnerabilities in Web Applications Using Mutation Analysis. 2nd International Conference on Software Engineering and Information Technology. pp. 227-232. ISSN Conference Paper
Full text not available from this repository.
Abstract
Web security testing is a mandatory agenda: the increasing complexity of web applications and the increasingly sophisticated techniques attackers use to exploit web vulnerabilities raise security concerns and emphasize the need to build more secure and resilient web software. Cross-Site Request Forgery (CSRF) is one of the Broken Access Control vulnerabilities, the category ranked 1st in the OWASP Top 10 of 2021. Mutation testing is a static analysis approach to software security that evaluates test cases by producing mutants (deliberately changed copies of the source code) and checking whether the test cases detect them. The dynamic application security testing approach cannot guarantee whether vulnerabilities will be found, and even when it finds them it cannot show where the vulnerable points are in the source code. This study formulates 8 mutation operators that can be used to ensure software security test cases are adequate for CSRF vulnerabilities. The test was carried out by creating a weak and a robust test case scenario. The research shows that mutation testing approaches to software security can be applied to help software testers ensure the security test cases they write are adequate. The result shows a mutation score indicator value of 0.09 with the weak test case; after fixing the test case, the value increased to 0.65. There was an increase of 56% with the weak test case still applied.
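To make the idea of a mutation score for a CSRF control concrete, the following is an added example, not code from the paper or its authors. It takes a minimal state-changing request handler that enforces a synchronizer token, applies three assumed mutation operators (the paper's eight operators are not listed on this record page, so these are illustrations, not the authors' operators), and scores a weak test suite that only checks the happy path against a stronger suite that also exercises the rejection paths. The handler, request shape, and tokens are all constructed for the example.

```python
"""Mutation analysis of a CSRF token check (added example, not from the paper).

A "mutant" is a copy of the handler with one defect injected. A test suite
"kills" a mutant when at least one of its checks fails against that mutant.
mutation score = killed mutants / total mutants.
"""
import hmac
from typing import Callable, Dict, List

# Constructed session-bound CSRF token; in a real app this comes from the session store.
SESSION_TOKEN = "constructed-session-token-0123456789abcdef"

Request = Dict[str, str]  # keys: "method", "session_token", optional "form_token"
Handler = Callable[[Request], int]


def handler_original(req: Request) -> int:
    """Reference implementation: only POST mutates state, and the submitted
    token must equal the session token (constant-time comparison)."""
    if req["method"] != "POST":
        return 405
    if not hmac.compare_digest(req.get("form_token", ""), req["session_token"]):
        return 403
    return 200


# --- assumed mutation operators, each injecting one CSRF-relevant defect ---

def mutant_drop_token_check(req: Request) -> int:
    """Operator: remove the token comparison entirely."""
    if req["method"] != "POST":
        return 405
    return 200


def mutant_allow_missing_token(req: Request) -> int:
    """Operator: only compare when a token was submitted, so a missing token passes."""
    if req["method"] != "POST":
        return 405
    tok = req.get("form_token", "")
    if tok and not hmac.compare_digest(tok, req["session_token"]):
        return 403
    return 200


def mutant_get_bypasses_check(req: Request) -> int:
    """Operator: remove the method guard, so a GET performs the action with no token."""
    if req["method"] == "POST" and not hmac.compare_digest(
        req.get("form_token", ""), req["session_token"]
    ):
        return 403
    return 200


MUTANTS: List[Handler] = [
    mutant_drop_token_check,
    mutant_allow_missing_token,
    mutant_get_bypasses_check,
]

# Constructed requests used by the test suites.
VALID_POST = {"method": "POST", "session_token": SESSION_TOKEN, "form_token": SESSION_TOKEN}
WRONG_TOKEN = {"method": "POST", "session_token": SESSION_TOKEN, "form_token": "attacker-guess"}
MISSING_TOKEN = {"method": "POST", "session_token": SESSION_TOKEN}
GET_NO_TOKEN = {"method": "GET", "session_token": SESSION_TOKEN}


def weak_tests(handler: Handler) -> List[bool]:
    """Weak suite: only asserts that a legitimate request succeeds."""
    return [handler(VALID_POST) == 200]


def strong_tests(handler: Handler) -> List[bool]:
    """Robust suite: also asserts that forged, token-less and GET requests are rejected."""
    return [
        handler(VALID_POST) == 200,
        handler(WRONG_TOKEN) == 403,
        handler(MISSING_TOKEN) == 403,
        handler(GET_NO_TOKEN) != 200,
    ]


def mutation_score(mutants: List[Handler], suite: Callable[[Handler], List[bool]]) -> float:
    """Fraction of mutants for which at least one check in the suite fails."""
    killed = sum(1 for m in mutants if not all(suite(m)))
    return killed / len(mutants)


if __name__ == "__main__":
    assert all(strong_tests(handler_original)), "suite must pass on the original"
    print("weak suite score:  ", mutation_score(MUTANTS, weak_tests))
    print("strong suite score:", mutation_score(MUTANTS, strong_tests))
```

The weak suite passes on every mutant, because a legitimate request with a correct token succeeds no matter which check was removed, so its score is 0.0; each rejection-path assertion in the strong suite kills exactly one mutant, giving 1.0. The point the paper makes is the same one this toy reproduces: the mutation score reveals that a test suite which only exercises the happy path says nothing about whether the CSRF control is actually enforced, and it points at which check the missing test would have covered.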
| Item Type: | Article |
|---|---|
| Additional Information: | 2024 2nd International Conference on Software Engineering and Information Technology (ICoSEIT) Date of Conference: 28-29 February 2024 Conference Location: Bandung, Indonesia |
| Uncontrolled Keywords: | Mutation Testing, Broken Access Control, Cross-Site Request Forgery, Static Application Security Testing, Software Security |
| Subjects: | Jurnal Bidang Keilmuan > Teknik Informatika |
| Divisions: | Fakultas Telematika Energi > S1 Teknik Informatika |
| Depositing User: | Yudha Formanto |
| Date Deposited: | 25 Sep 2025 03:34 |
| Last Modified: | 27 Feb 2026 04:49 |
| URI: | https://repository.itpln.ac.id/id/eprint/1452 |
