Lessons: 20Length: 2.1 hours
- Overview
- Transcript
3.11 Cross-Site Request Forgery
A cross-site request forgery (CSRF) attack occurs when an attacker directs someone to a website that forwards a forged request to the server using the person's own credentials. In this video, I'll discuss cookie expirations, secure cookies, CSRF tokens, stale sessions, and using the browser Origin header to reject requests sent from invalid locations.
1.Introduction
1.1Introduction00:40
1.1
Introduction
00:40
2.The WidgetCorp App
2.1Introducing the App10:09
2.1
Introducing the App
10:09
2.2Data Modeling04:19
2.2
Data Modeling
04:19
2.3Development Environment Setup10:32
2.3
Development Environment Setup
10:32
2.4Configuration Defaults09:39
2.4
Configuration Defaults
09:39
3.OWASP Top Ten
3.1Injection Attacks and Defenses (Reflected, PHP, and JavaScript)07:38
3.1
Injection Attacks and Defenses (Reflected, PHP, and JavaScript)
07:38
3.2Injection Attacks (Mail, File, and SQL)05:16
3.2
Injection Attacks (Mail, File, and SQL)
05:16
3.3Injection Defenses (File System, Mail)15:04
3.3
Injection Defenses (File System, Mail)
15:04
3.4MySQL Injection Defenses02:46
3.4
MySQL Injection Defenses
02:46
3.5Authentication09:50
3.5
Authentication
09:50
3.6Broken Authentication and Session Management04:08
3.6
Broken Authentication and Session Management
04:08
3.7Insecure Direct Access or Object Reference05:20
3.7
Insecure Direct Access or Object Reference
05:20
3.8Security Configuration12:18
3.8
Security Configuration
12:18
3.9Sensitive Data08:26
3.9
Sensitive Data
08:26
3.10Missing Function-Level Access Control02:13
3.10
Missing Function-Level Access Control
02:13
3.11Cross-Site Request Forgery04:48
3.11
Cross-Site Request Forgery
04:48
3.12Known Vulnerable Components03:43
3.12
Known Vulnerable Components
03:43
3.13Unvalidated Redirects03:04
3.13
Unvalidated Redirects
03:04
3.14Brute-Force Attacks07:09
3.14
Brute-Force Attacks
07:09
4.Conclusion
4.1Conclusion00:48
4.1
Conclusion
00:48
