Description:
Explore the intricacies of Cross Site Request Forgery (CSRF) attacks and countermeasures in this 47-minute Black Hat USA 2013 conference talk. Delve into the challenges of implementing effective CSRF protections and the difficulties in detecting vulnerabilities through automated tools. Learn how to model attacks to validate countermeasure effectiveness, and discover a proposed new header-based policy introducing Storage Origin Security (SOS) for cookies and session objects. Gain insights into simplifying CSRF prevention at the HTTP layer, potentially improving web security without extensive HTML modifications. Examine topics such as cross-origin requests, user-intended actions, strong secrets, CSRF tokens, mobile app considerations, and Content Security Policy. Witness demonstrations and explore real-world examples, including WordPress countermeasures and social engineering aspects.
Dissecting CSRF Attacks & Countermeasures
Add to list
#Conference Talks
#Black Hat
#Information Security (InfoSec)
#Ethical Hacking
#Cross-Site Request Forgery (CSRF)
#Programming
#Web Development
#Web Application Security
#Cybersecurity
#Web Security
#Content Security Policy (CSP)