
XSRF: How it works (PowerPoint PPT Presentation)



  1. XSRF

  2. How it works
     1. User goes to evil.fish
     2. evil.fish includes a form that submits to bank.com
     3. The form is submitted on bank.com (with the user's bank.com cookies attached)
     4. bank.com helpfully transfers money into trout’s account

  3. Defenses
     • Form keys
     • Check HTTP referer
     • CSRF tokens
     • Short cookie expiration date
     • Encourage users to log out

  4. Homework
     • https://google-gruyere.appspot.com/
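As an added illustration of the first three defenses on the Defenses slide (not code from the presentation), the Python below shows the server-side half of a synchronizer CSRF token combined with an Origin/Referer check. The `session`, `form` and `headers` dicts stand in for whatever the web framework supplies; bank.com and evil.fish are the hosts from the slides.

```python
import hmac
import secrets
from urllib.parse import urlparse

# The only origin from which state-changing forms may be submitted.
ALLOWED_ORIGIN = "https://bank.com"


def issue_token(session: dict) -> str:
    """Mint a fresh random token, store it in the server-side session and
    return it so the page can embed it in a hidden form field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Slide defense 'Check HTTP referer': prefer Origin, fall back to Referer.
    Fails closed when neither header is present (some clients strip Referer,
    so on a real site this check is a second layer behind the token)."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    got, want = urlparse(src), urlparse(ALLOWED_ORIGIN)
    return got.scheme == want.scheme and got.netloc == want.netloc


def verify_request(session: dict, form: dict, headers: dict) -> bool:
    """Accept a state-changing POST only if the submitted token matches the
    session's token (constant-time compare) and the request origin is ours.
    A form served by evil.fish cannot read bank.com's session token, so its
    submission carries no valid token even though the cookies are attached."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not submitted:
        return False
    if not hmac.compare_digest(expected, submitted):
        return False
    return origin_allowed(headers)


if __name__ == "__main__":
    session = {}
    token = issue_token(session)  # embedded in bank.com's own transfer form
    legit = verify_request(session, {"csrf_token": token},
                           {"Origin": ALLOWED_ORIGIN})
    forged = verify_request(session, {"amount": "1000", "to": "trout"},
                            {"Referer": "https://evil.fish/"})
    print("legitimate transfer accepted:", legit)   # True
    print("cross-site transfer accepted:", forged)  # False
```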
