Join Kevin Skoglund for an in-depth discussion in this video Cross-site request forgery (CSRF), part of Foundations of Programming: Web Security.
…In this movie, we'll learn about Cross-Site…Request Forgery, and how to protect against it.…Cross-Site Request Forgery, or CSRF for short, is when a…hacker tricks users into making a request to your server.…It can be used to generate fraudulent clicks.…For example, if the hacker is being paid based on page views by an advertiser.…They can trick people into generating fraudulent clicks for their website.…And they can…also take advantage of a user's logged in state.…That is, trick a user to do something that they…would not normally do while they're logged into a site.…
Let me show you an example.…Let's imagine that there's an on-line poll where you can vote for who is…the smartest hacker. So our hacker goes to the site and votes…for himself or herself. And the hacker notices that the URL for…voting in our poll, is https://fun-poll.com/vote?hacker=5674.…So they see this, you are only think, oh, that's the URL that places a vote for me.…If I can get other people to hit that same URL, it would create more votes for me.…
This course is great for developers who want to secure their client's websites, and for anyone else who wants to learn more about web security.
- Why security matters
- What is a hacker?
- How to write a security policy
- Cross-site scripting (XSS)
- Cross-site request forgery (CSRF)
- SQL injection
- Session hijacking and fixation
- Passwords and encryption
- Secure credit card payments
Skill Level Beginner
1. Security Overview
2. General Security Principles
3. Filtering Input, Controlling Output
4. The Most Common Attacks
5. Encryption and User Authentication
6. Other Areas of Concern
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.