The Past, Present, and Future of Cross-Site and Cross-Origin Request Forgery

Explore the evolution of Cross-Site Request Forgery (CSRF) attacks in this comprehensive 52-minute conference talk from NDC Security in Oslo. Delve into the history, current state, and future trends of CSRF attacks, including the emerging threat of Cross-Origin Request Forgery against API-based applications. Learn about modern defense mechanisms, such as SameSite cookies, and understand their limitations in addressing new attack variations. Gain insights into the attack patterns, their impact on applications, and how typical defenses work to mitigate these threats. Discover the vulnerabilities of API-based applications to CSRF attacks and learn best practice defenses for APIs. Walk away with a solid understanding of CSRF attacks, the conditions that make applications susceptible, and effective strategies to prevent CSRF attacks in your software development projects.

The Past, Present, and Future of Cross-Site/Cross-Origin Request Forgery - Philippe De Ryck