Cookies can be a security vulnerability because they can be viewed, stolen, or imitated.
Let's learn how to protect our websites from Cross-Site Request Forgery attacks. The simplest defense against CSRF attacks is to put some thought into which pages use GET and POST requests. Use GET requests for retrieving data, not for actions which make changes. Use POST requests, such as form submissions, for actions which make changes. An image source tag will always send a GET request. The HTML is expecting to read an image, not to make a change. If the bank requires transfers to use POST requests, then this URL would be rejected for being the wrong request type. Now this does not prevent CSRF attacks, but it prevents those that are easiest to craft. The strongest defense against CSRF attacks is to use CSRF tokens. Here's how it works. First, you generate a long, unique random string which can act as a token. Then you store it in the user's session data. The session data is usually kept on the server, so the user or an attacker would not be able to inspect it.
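The two defenses described above (rejecting state-changing GETs, and checking a server-side CSRF token on POST) as one worked example. This is added illustration code, not code from the course; the in-memory `SESSIONS` dict, `start_session`, `issue_csrf_token`, `render_transfer_form` and `handle_transfer` are all hypothetical names standing in for a real framework's session store and request handlers.

```python
import hmac
import secrets

# Constructed stand-in for server-side session storage: session id -> session data.
# Only the id travels to the browser (as a cookie); the token itself never does
# except embedded in the form the server renders.
SESSIONS = {}

def start_session():
    """Create a server-side session and return the id to put in the cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {}
    return sid

def issue_csrf_token(sid):
    """Generate a long random token and keep it in the user's session data."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf_token"] = token
    return token

def render_transfer_form(sid):
    """Embed the session's token as a hidden field, so only a page we served can POST it."""
    token = issue_csrf_token(sid)
    return (f'<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input name="to"><input name="amount"><button>Send</button></form>')

def handle_transfer(sid, method, form):
    """Transfer endpoint: returns (status, message). GET never changes state."""
    if method != "POST":
        # An <img src="..."> only ever sends GET, so this request type is refused outright.
        return (405, "transfers must use POST")
    session = SESSIONS.get(sid)
    if session is None or "csrf_token" not in session:
        return (403, "no CSRF token in session")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison; encode to bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(session["csrf_token"].encode(), submitted.encode()):
        return (403, "CSRF token mismatch")
    return (200, f"transferred {form.get('amount')} to {form.get('to')}")
```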
- Threat models
- Least privilege
- Defense in depth
- Validating and sanitizing input
- Credential attacks
- SQL injection
- Cross-site scripting
Skill Level: Beginner
1. Security Overview
2. General Security Principles
3. Filter Input, Control Output
4. The Most Common Attacks
Next steps (2m 26s)