|
You are here |
blog.deesee.xyz | ||
| | | | |
pentesterlab.com
|
|
| | | | | In this article we cover why standard libraries are so important for security to avoid developers reinventing the wheel. Something code reviewers and appsec engineers can leverage to judge the quality of a codebase | |
| | | | |
mathieu.fenniak.net
|
|
| | | | | Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank: | |
| | | | |
www.vlent.nl
|
|
| | | | | [AI summary] The article explains that Django's Cross-site request forgery (CSRF) protection relies on a 'Double Submit Cookie' mechanism requiring both a cookie and a form parameter, and demonstrates how the validation works and why it prevents malicious requests. | |
| | | | |
mattspitz.me
|
|
| | | software engineering musings | ||