Explore critical web application security threats in this 30-minute conference talk from AppSec EU 2017. Delve into Authentication Cross-Site Request Forgery (CSRF) attacks, their potential for sensitive information theft and account hijacking, and learn seven manual security testing strategies for vulnerability detection. Discover CSRF-Checker, a proof-of-concept tool based on OWASP ZAP for semi-automatic Authentication CSRF detection. Examine alarming results from testing Alexa top 1500 websites, revealing 191 vulnerable sites including those from major vendors like Microsoft and Google. Gain valuable insights into web application security and CSRF prevention techniques from OWASP Foundation's comprehensive presentation.