Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery - Barry Schatz (Circle City Con 2015 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Surfing the Sea and Drowning in Tabs: An Introduction to Cross-Site Request Forgery
Barry Schatz

Circle City Con 2015

With more web applications using persistent logins and users keeping more applications open in browser tabs, Cross-Site Request Forgery (CSRF) is an attractive vulnerability for malicious actors to exploit. CSRF is one of the OWASP Top 10, and rightfully so. This talk will describe the vulnerability, show some examples (maybe demonstrate it, demo gods willing), and then show a few techniques to prevent and mitigate abuse.

Bio: Barry is a professional software developer with some professional experience, primarily as a web developer using C# and .Net, and he detangles JavaScript and SQL as needed. Barry is also a member of his local OWASP chapter in Bloomington, where he practices conference talks. In his free time, he plays video games and practices lockpicking with the Bloomington Fraternal Order of Locksport. You may have met him at the Lockpicking Villages of CircleCityCon or DerbyCon.

Copyright 2020, IronGeek