Explore >> Select a destination
|
You are here 
|
brockallen.com | ||
| | | | |
mathieu.fenniak.net
|
|
| | | | | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: | |
| | | | |
neilmadden.blog
|
|
| | | | | In XSS doesn't have to be Game Over, and earlier when discussing Can you ever (safely) include credentials in aURL?, I raised the possibility of standardising a new URL scheme that safely allows encoding a bearer token into a URL. This makes it more convenient to use lots of very fine-grained tokens rather than one... | |
| | | | |
www.sjoerdlangkemper.nl
|
|
| | | | | Cookies are typically sent to third parties in cross origin requests. This can be abused to do CSRF attacks. Recently a new cookie attribute was proposed to disable third-party usage for some cookies, to prevent CSRF attacks. This post will describe the same-site cookie attribute and how it helps against CSRF. | |
| | | | |
claroty.com
|
|
| | | Team82 uncovered eight vulnerabilities that not only bypassed the authentication and authorization features in Unitronics UniStream PLCs, but also were able to chain to gain remote code execution on the device. | ||
