Syllabus
Intro
What is Cross-Site Request Forgery
The classic example
More recent CSRF Attack
Relaxing the SOP (1)
Anything else? Yes, ofCORS!
When it's safe to fly?
CORS Server side headers
Real world CSRF attack payloads
Searching for CSRF exploits
Searching for recent CSRF exploits
How to prevent it?
SameSite - the game changer
So when would you need CSRF Guaru..
CSRF Guard flow (2)
What's new in CSRF Guard 4.x
CSRF Guard JSP Tag support
Conclusions and recommendations
Automation with nuclei templates
Nuclei detect CSRFGuard defaults
References
Taught by
OWASP Foundation