|
You are here |
bogs.io | ||
| | | | |
www.vlent.nl
|
|
| | | | | [AI summary] The article explains that Django's Cross-site request forgery (CSRF) protection relies on a 'Double Submit Cookie' mechanism requiring both a cookie and a form parameter, and demonstrates how the validation works and why it prevents malicious requests. | |
| | | | |
www.smashingmagazine.com
|
|
| | | | | Web application developers today need to be skilled in a multitude of disciplines. It's necessary to build an application that is user friendly, highly performant, accessible and secure, all while executing partially in an untrusted environment that you, the developer, have no control over. I speak, of course, about the User Agent. Most commonly seen in the form of a web browser, but in reality, one never really knows what's on the other end of the HTTP connection. | |
| | | | |
wouterj.nl
|
|
| | | | | Cross-site Request Forgery (CSRF) is one of the traditional vulnerabilities that web applications have to deal with. Every web framework - including Symfony - supports CSRF protection out of the box. A lesser known vulnerability is Login CSRF, a special kind of CSRF attack. | |
| | | | |
mathieu.fenniak.net
|
|
| | | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: | ||