CSRF Defense Strategies - Not All Are Created Equal

OWASP Foundation via YouTube

High Level Defenses (Design Patterns)

3 of 11
Classroom Contents

  1. Intro
  2. If you can predict all the parameters for an action, you can fake it
  3. High Level Defenses (Design Patterns)
  4. Primary Defense is the Synchronizer Token Pattern
  5. Second Defensive Option is Double Submit Cookies. This option is used less often, but is useful for things like REST
  6. A Third Option is Any Form of Challenge Response System. Rarely Used Exclusively for CSRF Defense
  7. CSRFGuard Implements the Synchronizer Token Pattern and Makes a New Token For Each Session
  8. Tomcat 7 Includes a CSRF Prevention Filter
  9. F5's ASM Can Insert a Token in All Links and Forms to Implement the Synchronizer Token Pattern
  10. Imperva SecureSphere Can Detect CSRF Attacks by Checking the Referrer Header
  11. CSRF Token Names Can Reveal What Library You Are Using
