

You are here

bogs.io
www.sjoerdlangkemper.nl
1.6 parsecs away

Cookies are typically sent to third parties in cross origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. This post will describe the same-site cookie attribute and how it helps against CSRF.
www.vlent.nl
0.6 parsecs away

[AI summary] The article explains that Django's Cross-site request forgery (CSRF) protection relies on a 'Double Submit Cookie' mechanism requiring both a cookie and a form parameter, and demonstrates how the validation works and why it prevents malicious requests.
www.smashingmagazine.com
1.5 parsecs away

Web application developers today need to be skilled in a multitude of disciplines. It's necessary to build an application that is user friendly, highly performant, accessible and secure, all while executing partially in an untrusted environment that you, the developer, have no control over. I speak, of course, about the User Agent. Most commonly seen in the form of a web browser, but in reality, one never really knows what's on the other end of the HTTP connection.
mathieu.fenniak.net
12.5 parsecs away

Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: