Learn about Cross Site Request Forgery (CSRF) in this 50-minute conference talk from Circle City Con 2015. Explore the fundamentals of CSRF, including its definition, how it occurs, and its relationship to the same-origin policy. Dive into key concepts such as viewstate, headers, MVC, and cookies. Discover defensive strategies like the Encrypted Token Pattern and other tactics to protect against CSRF attacks. Gain insights from real-world examples, including a Twitter case study, and access valuable resources for further learning. Enhance your web security knowledge and learn to safeguard applications from this common vulnerability.
Overview
Syllabus
Intro
What is Cross Site Request Forgery
App
How did this happen
Same origin policy
Viewstate
Header
MVC
Cookies
Encrypted Token Pattern
Other Tactics
Resources
Twitter
Example
Related Courses
-
Surfing the Sea and Drowning in Tabs - An Introduction to Cross Site Request Forgery
-
Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking
-
The Past, Present, and Future of Cross-Site and Cross-Origin Request Forgery
-
The Past, Present, and Future of Cross-Site - Cross-Origin Request Forgery
-
The Past, Present, and Future of Cross-Site - Cross-Origin Request Forgery
-
OWASP CSRFGuard: Understanding and Preventing Cross-Site Request Forgery
