From the course: ASP.NET: Security
Cross-Site Request Forgery (CSRF)
- [Tutor] The final attack I would like to cover in this chapter is Cross-Site Request Forgery, or in short, CSRF. Some people use XSRF as the abbreviation, but CSRF is just more common, so I'll stick with that. There are different approaches to Cross-Site Request Forgery, but I'll show you the most common one. The idea is that the victim is authenticated with a web application and the web application is using a cookie-based authentication, meaning that every HTTP request comes with the cookie. And based on the cookie, the application authenticates and also authorizes the user. And this could be abused in the following fashion. The attacker somehow lures the victim to make an HTTP request to their site. So an HTTP request is being sent to the attacker's server and the attacker returns an HTTP response that in turn triggers a new HTTP request. For instance, by doing redirection or with some JavaScript code that does…
Contents
- OWASP Top 10 (2m 49s)
- Cross-site scripting (XSS): The attack (5m 10s)
- Cross-site scripting (XSS): The defense (4m 18s)
- Cross-site scripting (XSS) in JavaScript (5m 19s)
- Same-origin policy and CORS (5m 12s)
- SQL injection with ADO.NET (3m 56s)
- SQL injection with Entity Framework (3m 32s)
- Fixing SQL injection (4m 27s)
- Cross-Site Request Forgery (CSRF) (4m 40s)
- Defending against CSRF (4m 40s)