YoVDO

Everything You Wanted to Know About Client-Side CSRF But Were Afraid to Ask

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses, Static Analysis Courses

Course Description

Overview

Explore the intricacies of Client-side Cross-Site Request Forgery (CSRF) in this comprehensive 54-minute conference talk by Soheil Khodayari, presented by the OWASP Foundation. Delve into the problem statement, static analysis techniques, and detection challenges associated with client-side CSRF. Learn about the JAW data collection method, Hybrid Property Graphs (HPGs) as building blocks, and their role in symbolic models and semantic types propagation. Examine vulnerability analysis techniques, evaluation of forgeable requests, and gain insights into JAW's scalability and performance. Enhance your understanding of CSRF security concerns and mitigation strategies in web applications.

Syllabus

Intro
Cross-Site Request Forgery (CSRF)
Client-side CSRF: Problem Statement
Static Analysis (to the Rescue)
Static Analysis (Cont'd)
Client-side CSRF: Exemplifying Detection Challenges
Other General Challenges for CSRF
JAW: Data Collection
Hybrid Property Graphs (HPGs): Building Blocks
HPGs: Symbolic Models and Semantic Types Propagation
Vulnerability Analysis
Evaluation: Forgeable Requests
JAW: Scalability and Performance


Taught by

OWASP Foundation

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera
Client-Server Communication
Google via Udacity
HTTP & Web Servers
Udacity
Network Security
Georgia Institute of Technology via Udacity
Web Security Fundamentals
KU Leuven University via edX