From the course: CompTIA Security+ (SY0-601) Cert Prep: 2 Secure Code Design and Implementation
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Request forgery
From the course: CompTIA Security+ (SY0-601) Cert Prep: 2 Secure Code Design and Implementation
Request forgery
- [Instructor] Another danger facing web applications is the threat of cross-site request forgery. These attacks are similar to cross-site scripting attacks but they're even more dangerous. But first one quick note on terminology. cross-site request forgery, also goes by two different acronyms. Some people call is CSRF, while others use the XSRF acronym. Others even pronounce the acronym and call it sea surf. All of these terms refer to the same attack. As you may recall, cross-site scripting attacks occur when an attack exploits a third-party website to include scripts written by the attacker in input shown to other users. The user's web browser then executes that code when it visits the site. cross-site request forgery attacks go a step further and prey upon the fact that users often have multiple sites open at the same time. And they may be logged in to many different sites and different browser tabs. As you may have…
Contents
-
-
-
-
-
(Locked)
OWASP Top 105m 36s
-
(Locked)
Application security4m 13s
-
(Locked)
Prevent SQL injection4m 25s
-
(Locked)
Cross-site scripting3m 17s
-
(Locked)
Request forgery4m 8s
-
(Locked)
Defend against directory traversal3m 6s
-
(Locked)
Overflow attacks3m 21s
-
(Locked)
Cookies and attachments4m 25s
-
(Locked)
Session hijacking4m 8s
-
(Locked)
Code execution attacks2m 43s
-
(Locked)
Privilege escalation1m 56s
-
(Locked)
Driver manipulation2m 16s
-
(Locked)
Memory vulnerabilities3m 34s
-
(Locked)
Race condition vulnerabilities2m 14s
-
(Locked)
-
-