OWASP CSRFGuard: Understanding and Preventing Cross-Site Request Forgery

OWASP Foundation via YouTube

Overview

Explore the intricacies of Cross-Site Request Forgery (CSRF) and learn how to effectively prevent it using OWASP CSRFGuard in this comprehensive conference talk. Delve into classic examples and recent CSRF attacks, understand the implications of relaxing the Same-Origin Policy, and examine the role of CORS in web security. Discover techniques for identifying CSRF vulnerabilities, including real-world attack payloads and methods for searching for exploits. Gain insights into prevention strategies, with a focus on the game-changing SameSite attribute and its impact on CSRF protection. Examine the CSRF Guard flow and explore new features in version 4.x, including JSP Tag support. Conclude with practical recommendations and learn how to automate CSRF detection using nuclei templates. Equip yourself with the knowledge to safeguard web applications against CSRF attacks and implement robust security measures.

Syllabus

Intro
What is Cross-Site Request Forgery
The classic example
More recent CSRF Attack
Relaxing the SOP (1)
Anything else? Yes, ofCORS!
When it's safe to fly?
CORS Server side headers
Real world CSRF attack payloads
Searching for CSRF exploits
Searching for recent CSRF exploits
How to prevent it?
SameSite - the game changer
So when would you need CSRF Guard..
CSRF Guard flow (2)
What's new in CSRF Guard 4.x
CSRF Guard JSP Tag support
Conclusions and recommendations
Automation with nuclei templates
Nuclei detect CSRFGuard defaults
References

Taught by

OWASP Foundation
