A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery - Barry Schatz (Circle City Con 2015 Videose 2015) (Hacking Illustrated Series InfoSec Tutorial Videos)

Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery
Barry Schatz

Circle City Con 2015

With more web applications using persistent logins and users keeping more applications open in browser tabs, Cross-Site Request Forgery (CSRF) is an attractive vulnerability for malicious actors to exploit. CSRF is one of the OWASP Top 10, and rightfully so. This talk will describe the vulnerability, show some examples (maybe demonstrate it, demo gods willing), and then show a few techniques to prevent and mitigate abuse.

Bio: Barry is a professional software developer with some professional experience, primarily as a web developer using C# and .Net, and he detangles JavaScript and SQL as needed. Barry is also a member of his local OWASP chapter in Bloomington, where he practices conference talks. In his free time, he plays video games and practices lockpicking with the Bloomington Fraternal Order of Locksport. You may have met him at the Lockpicking Villages of CircleCityCon or DerbyCon.

Back to Circle City Con 2015 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast