

You are here

www.paulosyibelo.com
mathieu.fenniak.net
4.9 parsecs away

Cross-site request forgery (CSRF) is a type of security exploit where a user's web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs. Here's a brief example of a fictitious CSRF attack against a bank:

alesandroortiz.com
3.4 parsecs away

Alesandro Ortiz: Software Engineer. Security Researcher.

textslashplain.com
3.1 parsecs away

A few years back, I wrote a short explainer about User Gestures, a web platform concept whereby certain sensitive operations (e.g. opening a popup window) will first attempt to confirm whether the user intentionally requested the action. As noted in that post, gestures are a weak primitive -- while checking whether the user clicked or...

internalpointers.com
39.3 parsecs away

From routing to IP addressing, a look at the protocol that gives life to the Internet.