Cross-Site Request Forgery (CSRF) is one of the most prevalent attacks in modern web applications. In this course, Web App Hacking: Cross-Site Request Forgery (CSRF), you'll learn how to avoid the severe consequences of the CSRF attack. First, you'll discover how a CSRF attack works and how an attacker can take over a user's account with this attack. Next, you'll explore how the attacker can launch a CSRF attack as a result of insecure processing of an anti-CSRF token. Then, you'll learn how the attacker can switch a user to his account with a login CSRF attack. After that, you'll discover the importance of regeneration, and how the attacker can launch the CSRF attack when the anti-CSRF token is not regenerated at the time of authentication. Finally, you'll dive into an interesting case study of a CSRF attack. By the end of the course, you'll know how a CSRF attack works, how to test web applications for this attack, and how to prevent this attack from happening.
- Understanding a CSRF Attack
- Validation of an Anti-CSRF Token
- CSRF Login Attack
- Regeneration of an Anti-CSRF Token
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.