Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Cross-Site Request Forgery (CSRF)
Introduction
Course Introduction (1:54)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
CSRF - Technical Deep Dive
Agenda (0:47)
What is CSRF (17:01)
How to Find CSRF Vulnerabilities (6:53)
How to Exploit CSRF Vulnerabilities (6:42)
How to Prevent CSRF Vulnerabilities (14:22)
Resources (0:40)
Hands-On CSRF Labs
Note - Changes to Python Simple Server
Lab #1 CSRF vulnerability with no defenses (22:22)
Lab #2 CSRF where token validation depends on request method (20:33)
Lab #3 CSRF where token validation depends on token being present (14:29)
Lab #4 CSRF where token is not tied to user session (18:01)
Lab #5 CSRF where token is tied to non-session cookie (27:32)
Lab #6 CSRF where token is duplicated in cookie (21:05)
Lab #7 CSRF where Referer validation depends on header being present (19:53)
Lab #8 CSRF with broken Referer validation (18:14)
Lab #9 SameSite Lax bypass via method override (7:51)
Lab #10 SameSite Strict bypass via client-side redirect (12:45)
Lab #11 SameSite Strict bypass via sibling domain (24:10)
Lab #12 SameSite Lax bypass via cookie refresh (18:29)
Thank You!
Thank You!
Lab #1 CSRF vulnerability with no defenses
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock