Cross Site Request Forgery

•Als PPT, PDF herunterladen•

3 gefällt mir•4,731 views

Talk on CSRF I gave at work that talks about CSRF, how to prevent it and how frameworks can make prevention nearly automatic.

Technologie

[object Object],[object Object],Cross Site Request Forgeries

Rasmus Lerdorf “ The Web is broken and it's all your fault.”

“ There is no metric for compliance with a 'culture', and a 'culture of security' is overridden by a culture of 'get the job done' every time.” Jon Espenschied

Common Coding Vulnerabilities ,[object Object],[object Object],[object Object],[object Object]

“ Same Origin” Policy document, cookies bank.com blog.net XHR XHR TAG TAG JS

How CSRF Works ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What Can a Hacker Do With CSRF? ,[object Object],[object Object],[object Object]

CSRF Prevention ,[object Object],[object Object],[object Object],[object Object],[object Object]

Framework-based Security ,[object Object],[object Object],[object Object]

CSRF Resources ,[object Object],[object Object]

Contacting Me ,[object Object],[object Object]

Credits ,[object Object],[object Object]

Weitere ähnliche Inhalte

Was ist angesagt?

Cross site scripting (xss) attacks issues and defense - by sandeep kumbharSandeep Kumbhar

Waf bypassing TechniquesAvinash Thapa

CSRF Attack and Its Prevention technique in ASP.NET MVCSuvash Shah

A2 - broken authentication and session management(OWASP thailand chapter Apri...Noppadol Songsakaew

The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén

Neat tricks to bypass CSRF-protectionMikhail Egorov

Cross site scriptingn|u - The Open Security Community

Cross Site Scripting ( XSS)Amit Tyagi

Vulnerabilities in modern web applicationsNiyas Nazar

Intro to Web Application SecurityRob Ragan

SSRF For Bug BountiesOWASP Nagpur

Secure Session ManagementGuidePoint Security, LLC

Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar

SsrfIlan Mindel

Cross Site Scripting Going Beyond the Alert BoxAaron Weaver

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili

Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...Garage4hackers.com

Web Application Penetration Testing Priyanka Aash

PPT on PhishingPankaj Yadav

Xss pptpenetration Tester

Was ist angesagt? (20)

Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar

Waf bypassing Techniques

CSRF Attack and Its Prevention technique in ASP.NET MVC

A2 - broken authentication and session management(OWASP thailand chapter Apri...

The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016

Neat tricks to bypass CSRF-protection

Cross site scripting

Cross Site Scripting ( XSS)

Vulnerabilities in modern web applications

Intro to Web Application Security

SSRF For Bug Bounties

Secure Session Management

Deep understanding on Cross-Site Scripting and SQL Injection

Ssrf

Cross Site Scripting Going Beyond the Alert Box

WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour

Garage4Hackers Ranchoddas Webcast Series - Bypassing Modern WAF's Exemplified...

Web Application Penetration Testing

PPT on Phishing

Xss ppt

Ähnlich wie Cross Site Request Forgery

Web Security Overview and DemoTony Bibbs

Session7-XSS & CSRFzakieh alizadeh

Cyber security 2.pptxNotSure11

XSS-Alert-Pentration testing toolArjun Jain

Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil

A4 A K S H A Y B H A R D W A Jbhardwajakshay

Cross Site Scripting (XSS)OWASP Khartoum

04. xss and encodingEoin Keary

VodQA3_PenetrationTesting_AmitDhakkadvodQA

CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011Samvel Gevorgyan

Web-Security-Application.pptxhamidTalib2

Application Context and Discovering XSS without Todd Benson (I.T. SPECIALIST and I.T. SECURITY)

Xss frame workNgọc Liệu Nguyễn

Evolution Of Web SecurityChris Shiflett

Cyber securitySakib Sami

Xss is more than a simple threatAvădănei Andrei

Xss is more than a simple threatRomanian Cyber Conference

WebApps_Lecture_15.pptOmprakashVerma56

Starwest 2008Caleb Sima

Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”Capgemini

Ähnlich wie Cross Site Request Forgery (20)

Web Security Overview and Demo

Session7-XSS & CSRF

Cyber security 2.pptx

XSS-Alert-Pentration testing tool

Owasp Top 10 - Owasp Pune Chapter - January 2008

A4 A K S H A Y B H A R D W A J

Cross Site Scripting (XSS)

04. xss and encoding

VodQA3_PenetrationTesting_AmitDhakkad

CROSS-SITE REQUEST FORGERY - IN-DEPTH ANALYSIS 2011

Web-Security-Application.pptx

Application Context and Discovering XSS without

Xss frame work

Evolution Of Web Security

Cyber security

Xss is more than a simple threat

WebApps_Lecture_15.ppt

Starwest 2008

Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”

Kürzlich hochgeladen

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55

GenCyber Cyber Security Day PresentationMichael W. Hawkins

Scaling API-first – The story of a global engineering organizationRadu Cotescu

Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix

SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren

Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes

Pigging Solutions in Pet Food ManufacturingPigging Solutions

AI as an Interface for Commercial BuildingsMemoori

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j

Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko

The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad

Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst

Salesforce Community Group Quito, Salesforce 101Paola De la Torre

04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG

Key Features Of Token Development (1).pptxLBM Solutions

Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes

Understanding the Laravel MVC ArchitecturePixlogix Infotech

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada

Kürzlich hochgeladen (20)

Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...

GenCyber Cyber Security Day Presentation

Scaling API-first – The story of a global engineering organization

Swan(sea) Song – personal research during my six years at Swansea ... and bey...

SQL Database Design For Developers at php[tek] 2024

Azure Monitor & Application Insight to monitor Infrastructure & Application

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024

How to Troubleshoot Apps for the Modern Connected Worker

Pigging Solutions in Pet Food Manufacturing

AI as an Interface for Commercial Buildings

Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...

Handwritten Text Recognition for manuscripts and early printed texts

The Codex of Business Writing Software for Real-World Solutions 2.pptx

Human Factors of XR: Using Human Factors to Design XR Systems

Salesforce Community Group Quito, Salesforce 101

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Key Features Of Token Development (1).pptx

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners

Understanding the Laravel MVC Architecture

Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024