Surfing the Sea and Drowning in Tabs - An Introduction to Cross Site Request Forgery
Offered By: YouTube
Course Description
Overview
Learn about Cross Site Request Forgery (CSRF) in this 50-minute conference talk from Circle City Con 2015. Explore the fundamentals of CSRF, including its definition, how it occurs, and its relationship to the same-origin policy. Dive into key concepts such as viewstate, headers, MVC, and cookies. Discover defensive strategies like the Encrypted Token Pattern and other tactics to protect against CSRF attacks. Gain insights from real-world examples, including a Twitter case study, and access valuable resources for further learning. Enhance your web security knowledge and learn to safeguard applications from this common vulnerability.
Syllabus
Intro
What is Cross Site Request Forgery
App
How did this happen
Same origin policy
Viewstate
Header
MVC
Cookies
Encrypted Token Pattern
Other Tactics
Resources
Twitter
Example
Related Courses
Web Security: Same-Origin PoliciesLinkedIn Learning Client-Side Protection Against DOM-Based XSS Done Right
OWASP Foundation via YouTube CSP Pitfalls and Gotchas
OWASP Foundation via YouTube The "Web/Local" Boundary Is Fuzzy - A Security Study of Chrome's Process-based Sandboxing
Association for Computing Machinery (ACM) via YouTube Browsers Gone Wild
Black Hat via YouTube