"In-your-face" CSRF
Classroom Contents
The Deputies Are Still Confused
1. Hi my name is Rich
2. Background
3. What is the same origin policy?
4. Same Origin Policy CSRF Quirks
5. Which Same Origin Policy?
6. Cookie Scope
7. Useful Cookie Facts
8. Recap: Writing Cookies
9. Double Submit Cookies
10. Framework Weaknesses
11. Cookies Apply to other CSRF Things!
12. .NET MVC CSRF Protection
13. Other Frameworks
14. Single Sign On
15. How do we mitigate?
16. Tying Accounts Together
17. Attack Ideas
18. OAuth2 Facebook Attack
19. OAuth2 Attack
20. Logging into an Attacker Account
21. Attack Rating
22. A lot of custom Logic too
23. How do we fix this?
24. Practical CSRF Tips
25. "In-your-face" CSRF
26. Crashing Browsers
27. Logging out of Attacker Account
28. CSRF Protected POST XSS
29. "Non-Exploitable" XSS example
30. Generic Takeaways
31. Whitepaper Content