Completed
OAuth2 Facebook Attack
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
The Deputies Are Still Confused
Automatically move to the next video in the Classroom when playback concludes
- 1 Hi my name is Rich
- 2 Background
- 3 What is the same origin policy?
- 4 Same Origin Policy CSRF Quirks
- 5 Which Same Origin Policy?
- 6 Cookie Scope
- 7 Useful Cookie Facts
- 8 Recap: Writing Cookies
- 9 Double Submit Cookies
- 10 Framework Weaknesses
- 11 Cookies Apply to other CSRF Things!
- 12 NET MVC CSRF Protection
- 13 Other Frameworks
- 14 Single Sign On
- 15 How do we mitigate?
- 16 Tying Accounts Together
- 17 Attack Ideas
- 18 OAuth2 Facebook Attack
- 19 OAuth2 Attack
- 20 Logging into an Attacker Account
- 21 Attack Rating
- 22 A lot of custom Logic too
- 23 How do we fix this?
- 24 Practical CSRF Tips
- 25 "In-your-face" CSRF
- 26 Crashing Browsers
- 27 Logging out of Attacker Account
- 28 CSRF Protected POST XSS
- 29 "Non-Exploitable" XSS example
- 30 Generic Takeaways
- 31 Whitepaper Content