The Deputies Are Still Confused

The Deputies Are Still Confused

Black Hat via YouTube Direct link

Generic Takeaways

30 of 31

30 of 31

Generic Takeaways

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

The Deputies Are Still Confused

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Hi my name is Rich
  2. 2 Background
  3. 3 What is the same origin policy?
  4. 4 Same Origin Policy CSRF Quirks
  5. 5 Which Same Origin Policy?
  6. 6 Cookie Scope
  7. 7 Useful Cookie Facts
  8. 8 Recap: Writing Cookies
  9. 9 Double Submit Cookies
  10. 10 Framework Weaknesses
  11. 11 Cookies Apply to other CSRF Things!
  12. 12 NET MVC CSRF Protection
  13. 13 Other Frameworks
  14. 14 Single Sign On
  15. 15 How do we mitigate?
  16. 16 Tying Accounts Together
  17. 17 Attack Ideas
  18. 18 OAuth2 Facebook Attack
  19. 19 OAuth2 Attack
  20. 20 Logging into an Attacker Account
  21. 21 Attack Rating
  22. 22 A lot of custom Logic too
  23. 23 How do we fix this?
  24. 24 Practical CSRF Tips
  25. 25 "In-your-face" CSRF
  26. 26 Crashing Browsers
  27. 27 Logging out of Attacker Account
  28. 28 CSRF Protected POST XSS
  29. 29 "Non-Exploitable" XSS example
  30. 30 Generic Takeaways
  31. 31 Whitepaper Content

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.