XSRF (PowerPoint presentation)
How it works

1. User goes to evil.fish
2. evil.fish includes a form that targets bank.com
3. The form is submitted to bank.com, carrying the user's bank.com cookies
4. bank.com helpfully transfers money into trout's account
Defenses

• Form keys
• Check HTTP Referer
• CSRF tokens
• Short cookie expiration date
• Encourage users to log out
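Added example (not from the slides) of the first three defenses on a server that handles the bank.com transfer form: a session-bound form key (HMAC over the session id and a timestamp, so it doubles as a short-lived CSRF token) plus an Origin/Referer check. Names such as `handle_transfer`, the request dictionary shape and the secret are constructed for illustration.

```python
import hmac, hashlib, time
from urllib.parse import urlparse

SECRET = b"constructed-secret-load-from-config-in-practice"  # assumption: per-deployment server secret
TOKEN_TTL = 15 * 60  # seconds; a short lifetime limits replay of a leaked token
SITE_HOST = "bank.com"

def make_csrf_token(session_id, now=None):
    """Form key embedded in bank.com's own form. evil.fish cannot read it:
    the same-origin policy keeps bank.com's page content away from evil.fish."""
    ts = int(now if now is not None else time.time())
    mac = hmac.new(SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{mac}"

def verify_csrf_token(session_id, token, now=None):
    """Recompute the MAC for this session and timestamp; reject expired or foreign tokens."""
    try:
        ts_str, mac = token.split(".", 1)
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False
    age = int(now if now is not None else time.time()) - ts
    if not 0 <= age <= TOKEN_TTL:
        return False
    expected = hmac.new(SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)  # constant-time comparison

def referer_ok(headers):
    """Check Origin (preferred) or Referer against our own host; treat missing as untrusted."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    return urlparse(source).hostname == SITE_HOST

def handle_transfer(request, session_id, now=None):
    """request = {"headers": {...}, "form": {...}}; session_id comes from the validated cookie."""
    if not referer_ok(request["headers"]):
        return "rejected: cross-site origin"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token", ""), now):
        return "rejected: bad form key"
    return f"transferred {request['form']['amount']} to {request['form']['to']}"
```

A form posted from evil.fish fails the origin check, and even if the Referer were stripped or spoofed it still lacks a valid session-bound token.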
Homework

• https://google-gruyere.appspot.com/