Cross-site request forgery prevention

Cross-site request forgery attacks leverage the fact that users often access multiple websites within the same browser. They take advantage of this to place code on one site that tricks a user’s browser into sending illegitimate requests to another site without the user’s knowledge. In this video, learn how cross-site request forgery attacks work and the ways that web developers may defend against them.

- [Narrator] Another danger facing web applications…is the threat of cross-site request forgery.…These attacks are similar to cross-site scripting attacks…but even more nefarious. First, one quick note…on terminology for the exam. Cross-site request forgery…also goes by two acronyms. Some people call it CSRF…while others use the XSRF acronym.…Others even pronounce the acronym and call it "sea surf."…All of these terms refer to the same attack.…

As you may recall, cross-site scripting attacks occur…when an attacker exploits a third-party website to…include scripts written by the attacker in input…shown to other users. The user's web browser then executes…that code when it visits the site.…Cross-site request forgery attacks go a step further…and prey upon the fact that users often have…multiple sites open at the same time and may be logged in…to many different sites in different browser tabs.…

As you may have noticed, authenticated sessions…cross over between those browser tabs.…Cross-site request forgery attacks leverage this…

Resume Transcript Auto-Scroll

Author

Mike Chapple

Skill Level Advanced

4h 21m

Duration

42,356

Views

Show More Show Less

Related Courses

Introduction
- Welcome
  2m 53s
- What you need to know
  46s
1. Security Engineering
- Secure design principles
  5m 18s
- Security models
  4m 14s
- Security requirements
  3m 25s
2. Cloud Computing and Virtualization
- Virtualization
  4m 20s
- Cloud computing models
  3m 44s
- Public cloud tiers
  5m 35s
3. Hardware Security
- Memory protection
  3m 20s
- Interface protection
  4m 10s
- High availability and fault tolerance
  4m 52s
4. Client and Server Vulnerabilities
- Client security issues
  6m 16s
- Server security issues
  4m 25s
- NoSQL databases
  6m 53s
- Large-scale parallel and distributed systems
  4m 30s
5. Web Security
- OWASP top ten
  4m 52s
- SQL Injection prevention
  5m 20s
- Cross-site scripting prevention
  4m 2s
- Cross-site request forgery prevention
  4m 24s
- Fuzz testing
  6m 44s
- Session hijacking
  3m 50s
6. Mobile Security
- Mobile device security
  2m 35s
- Mobile device management
  6m 14s
- Mobile device tracking
  3m 14s
- Mobile application security
  4m 23s
- Bring your own device (BYOD)
  4m 47s
7. Smart Device Security
- Industrial control systems
  4m 36s
- Smart home technology
  3m 6s
- Securing the Internet of Things
  2m 57s
- Secure networking for the Internet of Things
  2m 28s
8. Encryption
- Understanding encryption
  3m 24s
- Symmetric and asymmetric cryptography
  5m 17s
- Goals of cryptography
  2m 49s
- Codes and ciphers
  3m 20s
- Choosing encryption algorithms
  3m 1s
- The perfect encryption algorithm
  3m 54s
- The cryptographic life cycle
  2m 49s
- Digital rights management
  2m 17s
9. Symmetric Cryptography
- Data Encryption Standard (DES)
  3m 19s
- 3DES
  3m 35s
- AES, Blowfish, and Twofish
  6m 40s
- RC4
  2m 23s
- Steganography
  4m 55s
10. Asymmetric Cryptography
- Rivest-Shamir-Adleman (RSA)
  3m 26s
- PGP and GnuPG
  11m 9s
- Elliptic-curve and quantum cryptography
  3m 19s
11. Key Management
- Key exchange
  3m 4s
- Diffie-Hellman
  5m 12s
- Key escrow
  3m 13s
- Key stretching
  1m 55s
12. Public Key Infrastructure
- Trust models
  3m 1s
- PKI and digital certificates
  4m 28s
- Hash functions
  9m 11s
- Digital signatures
  4m 4s
- Create a digital certificate
  4m 33s
- Revoke a digital certificate
  1m 48s
13. Cryptanalytic Attacks
- Brute-force attacks
  3m 12s
- Knowledge-based attacks
  2m 10s
14. Physical Security
- Site and facility design
  3m 7s
- Data center environmental controls
  4m 8s
- Data center environmental protection
  4m 58s
- Physical security control types
  3m 33s
- Physical access control
  4m 6s
- Visitor management
  1m 35s
Conclusion
- Next steps
  41s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

Cross-site request forgery prevention

Author

Skill Level Advanced

Duration

Views

Related Courses

Insights from a Cybersecurity Professional

Cybersecurity Foundations

Cybersecurity for IT Professionals

IT Security Careers and Certifications: First Steps

Introduction

1. Security Engineering

2. Cloud Computing and Virtualization

3. Hardware Security

4. Client and Server Vulnerabilities

5. Web Security

6. Mobile Security

7. Smart Device Security

8. Encryption

9. Symmetric Cryptography

10. Asymmetric Cryptography

11. Key Management

12. Public Key Infrastructure

13. Cryptanalytic Attacks

14. Physical Security

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month