Cross-site request forgery attacks leverage the fact that users often access multiple websites within the same browser. They take advantage of this to place code on one site that tricks a user’s browser into sending illegitimate requests to another site without the user’s knowledge. In this video, learn how cross-site request forgery attacks work and the ways that web developers may defend against them.
- [Narrator] Another danger facing web applications is the threat of cross-site request forgery. These attacks are similar to cross-site scripting attacks but even more nefarious. First, one quick note on terminology for the exam. Cross-site request forgery also goes by two acronyms: some people call it CSRF, while others use the XSRF acronym. Others even pronounce the acronym and call it "sea surf."

All of these terms refer to the same attack. As you may recall, cross-site scripting attacks occur when an attacker exploits a third-party website to include scripts written by the attacker in input shown to other users. The user's web browser then executes that code when it visits the site. Cross-site request forgery attacks go a step further and prey upon the fact that users often have multiple sites open at the same time, and may be logged in to many different sites in different browser tabs.

As you may have noticed, authenticated sessions cross over between those browser tabs. Cross-site request forgery attacks leverage this…
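The defense the narrator alludes to (one the web developer has to build into the server) is easiest to see in code. The following is an added example, not code from the course or its author: a minimal model of a state-changing endpoint that is protected by a per-session synchronizer token, an Origin/Referer check, and a SameSite session cookie. The site origin `https://bank.example`, the `/transfer` action, and the `Request` shape are assumptions made for illustration; the point is that a request which arrives carrying the victim's session cookie (which the browser attaches automatically, exactly the behaviour the transcript describes) is still rejected unless it also carries the token that only pages served by the legitimate site can know.

```python
"""Model of a CSRF (XSRF) defense for a state-changing web request.

Added example; not code from the course. SITE_ORIGIN, the `transfer`
action and the Request dataclass are illustrative assumptions.
"""
import hmac
import secrets
from dataclasses import dataclass, field

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected site


@dataclass
class Request:
    """The subset of an HTTP request the handler needs (assumed shape)."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


# session id -> session data, including the token bound to that session
SESSIONS: dict[str, dict] = {}


def login(user: str) -> tuple[str, str]:
    """Create a session and return (session id, Set-Cookie header value).

    SameSite=Lax makes browsers withhold the cookie on most cross-site
    POSTs, a second layer underneath the token check in handle_transfer.
    """
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32), "balance": 100}
    cookie = f"session={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"
    return sid, cookie


def csrf_token_for(sid: str) -> str:
    """Token the legitimate site embeds in its own forms for this session."""
    return SESSIONS[sid]["csrf"]


def render_transfer_form(sid: str) -> str:
    """Only pages served by SITE_ORIGIN can include the session's token."""
    return (
        f'<form method="POST" action="{SITE_ORIGIN}/transfer">'
        f'<input type="hidden" name="csrf_token" value="{csrf_token_for(sid)}">'
        '<input name="amount"><input name="to"><button>Send</button></form>'
    )


def same_origin(req: Request) -> bool:
    """Browsers set Origin on cross-site POSTs and pages cannot forge it;
    fall back to Referer when Origin is absent."""
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def handle_transfer(req: Request) -> tuple[int, str]:
    """Server-side handler. Returns (HTTP status, message)."""
    if req.method != "POST":
        return 405, "state changes must use POST"  # GET must never mutate state
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    # 1. Reject requests that the browser reports as coming from another site.
    if not same_origin(req):
        return 403, "cross-site origin"
    # 2. Synchronizer token: must match the one bound to this session.
    #    compare_digest avoids leaking the token through timing differences.
    sent = req.form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    try:
        amount = int(req.form.get("amount", "0"))
    except ValueError:
        return 400, "bad amount"
    if amount <= 0 or amount > session["balance"]:
        return 400, "amount out of range"
    session["balance"] -= amount
    return 200, f"transferred {amount} to {req.form.get('to', '?')}"


if __name__ == "__main__":
    sid, _cookie = login("alice")
    ok = Request("POST", {"Origin": SITE_ORIGIN}, {"session": sid},
                 {"csrf_token": csrf_token_for(sid), "amount": "40", "to": "bob"})
    print(handle_transfer(ok))          # (200, 'transferred 40 to bob')
    # Cookie present, but no token and a foreign Origin: rejected.
    cross = Request("POST", {"Origin": "https://other.example"}, {"session": sid},
                    {"amount": "60", "to": "carol"})
    print(handle_transfer(cross))       # (403, 'cross-site origin')
```

Two design points worth noting: the token check alone is sufficient in principle (the other site never sees the token, so it cannot include it), and the Origin check and SameSite cookie are defence in depth for the cases where a token slips out, for example through a separate cross-site scripting flaw, which is why the narrator calls the two attacks closely related. Logging the 403 path with the reported Origin also gives a cheap detection signal for forgery attempts against the endpoint.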