
Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking

OWASP Foundation via YouTube

Overview

Explore request forgery on the web in this 47-minute keynote by Jim Manico, Founder and CEO of Manicode Security. The talk covers the main forms of request forgery: Cross-Site Request Forgery (CSRF), Server-Side Request Forgery (SSRF), and Clickjacking. It walks through real-world attack scenarios, including the Netflix request forgery and the Capital One case, and presents defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. It also covers practical guidance on URL encoding, Origin header checks, and X-Frame-Options, giving you the knowledge to build web applications that resist these attacks. The talk is presented by the OWASP Foundation.

Syllabus

Introduction
What is request forgery
Examples
Cross-site request forgery
Netflix request forgery
Single sign-on
Traditional Web Apps
Get Requests
Double Submit
Browser Standards
Same site lacks
Cookie defense
Check origin header
Control origin header
Cross-site scripting
Twitter attack
Cross-site request forgery cheat sheet
Server-side request forgery
Capital One case
From another angle
SSRF attack
How to fix
URL Encoding
SSRF
Summary
Questions
Web Frameworks
Service on request forgery
Clickjacking
X-Frame-Options

Taught by

OWASP Foundation
