CSRF protection

Cross-site request forgery (CSRF) is a common attack on web sites and web applications. Simply put, it tries to make an application react to HTTP requests. Most frameworks come with a mechanism to prevent these attacks, and Laravel is no exception. However, Laravel does it in a way that makes it very simple to protect an asset from these attacks, and also very simple to make an exception.

- [Instructor] We want to keep our application simple,…yet we don't want just anyone to be able to send data…and make our application work.…That is, unless we wanted to create an API.…But since this is not the case,…we want to avoid these so-called CSRF,…or Cross-Site Request Forgery attacks.…A Cross-Site Request Forgery attack implies…that someone has figured out how our application works…and wants to send garbage to our app.…So, by sending the correct parameters,…they could end up filling our database…with thousands of useless records.…

We could try and use PHP's referer value,…but this can be easily spoofed since it's based on headers.…Luckily for us,…Laravel comes with a built-in middleware…to handle this type of security.…For the sake of development speed,…all of our previous examples have…the CSRF security check disabled.…So, let's re-enable it.…Let's open up our code.…Let's open up our sidebar with Control B or Command B,…right-click and close all,…and let's open with Command P or Control P,…and let's type verify…

Resume Transcript Auto-Scroll

Author

Bernard Pineda

Skill Level Intermediate

1h 30m

Duration

29,743

Views

Show More Show Less

Related Courses

Introduction
- Welcome
  48s
- What you should know
  36s
- Using the exercise files
  28s
- Demo the application
  30s
- Setting up the project
  5m 29s
1. Test-Driven Development
- The TDD paradigm
  3m 41s
- Build features with unit tests
  7m 58s
- Build features with functional tests
  5m 7s
2. Application Security
- Handle volatile data with sessions
  5m 9s
- CSRF protection
  4m 11s
- Create a login form
  3m 26s
- Make the login form work
  3m 20s
- Application authentication
  4m 28s
3. Beyond the Basics
- Force a download
  3m 25s
- Upload files
  8m 34s
- Data seeding for development
  7m 25s
- Homestead and Vagrant
  8m 19s
4. Deploying Laravel Applications
- Use environment variables
  4m 54s
- Deployment setup
  3m 39s
- Deploy an app
  7m 59s
Conclusion
- Next steps
  45s

Show MoreShow Less

Take notes with your new membership!

Type in the entry box, then click Enter to save your note.

1:30Press on any video thumbnail to jump immediately to the timecode shown.

Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.

Start My Free Month

Skills covered in this course

Categories

3D + Animation Topics

3D + Animation Software

3D + Animation Learning Paths

Audio + Music Topics

Audio + Music Software

Audio + Music Learning Paths

Business Topics

Business Software

Business Learning Paths

Business Guides

CAD Topics

CAD Software

CAD Learning Paths

Design Topics

Design Software

Design Learning Paths

Developer Topics

Developer Software

Developer Learning Paths

Education + Elearning Topics

Education + Elearning Software

Education + Elearning Learning Paths

IT Topics

IT Software

IT Learning Paths

Marketing Topics

Marketing Software

Marketing Learning Paths

Photography Topics

Photography Software

Photography Learning Paths

Video Topics

Video Software

Video Learning Paths

Web Topics

Web Software

Web Learning Paths

Web Guides

CSRF protection

Author

Skill Level Intermediate

Duration

Views

Related Courses

MVC Frameworks for Building PHP Web Applications

PHP: Creating Secure Websites

Ajax with PHP: Add Dynamic Content to Websites

Learning Symfony 3

Introduction

1. Test-Driven Development

2. Application Security

3. Beyond the Basics

4. Deploying Laravel Applications

Conclusion

Take notes with your new membership!

Skills covered in this course

Continue Assessment

Start My Free Month