Specialized Testing: CSRF

Focused View

Christian Wenz

48:19

62 View

1. Course Overview

1. Course Overview.mp4

01:43

2. CSRF Fundamentals

1. Introduction.mp4

01:21

2. History of CSRF.mp4

02:20

3. State Management with Cookies.mp4

02:22

4. Anatomy of CSRF.mp4

04:54

5. CSRF Countermeasures.mp4

04:37

3. Testing for CSRF

1. Sample Application Introduction.mp4

01:53

2. Types of Cross-site Request Forgery.mp4

01:48

3. Demo - CSRF against GET Endpoints.mp4

04:54

4. Demo - CSRF against POST Endpoints.mp4

04:31

5. Demo - CSRF against Token-protected Endpoints.mp4

06:22

6. Demo - CSRF against Referrer Checks.mp4

03:47

7. Demo - CSRF against SameSite Cookies.mp4

06:00

8. Course Summary.mp4

01:47

Description

This course will teach you how to test for Cross-site Request Forgery (CSRF), a common attack against web applications.

What You'll Learn?

Cross-site Request Forgery (CSRF) is a common attack against web applications. In this course, Specialized Testing: CSRF, you’ll learn to audit an application for CSRF. First, you’ll explore the mechanics of CSRF. Next, you’ll discover different ways to find and exploit CSRF. Finally, you’ll learn how to detect and potentially circumvent CSRF countermeasures. When you’re finished with this course, you’ll have the skills and knowledge of testing for CSRF needed to audit an application for this kind of vulnerability..

More details

User Reviews

Rating

average 0

Total votes0

Focused display

PHP

Django

Python

Web App Development

Cyber Security

Network Security

Information Security

Cyber Security Awareness

Christian Wenz

Instructor's Courses

Christian Wenz is an author, consultant and trainer focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification. His day job at Munich/London-based Arrabiata Solutions (http://www.arrabiata.com/) includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy and web technology mix.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.