Simple play icon Course

Web App Hacking: Cross-Site Request Forgery (CSRF)

by Dawid Czagan

This course helps to understand a Cross-Site Request Forgery attack (CSRF). You'll learn how the CSRF attack works, how severe consequences can happen as a result of this attack, and what the common problems are with the anti-CSRF implementation.

What you'll learn

Cross-Site Request Forgery (CSRF) is one of the most prevalent attacks in modern web applications. In this course, Web App Hacking: Cross-Site Request Forgery (CSRF), you'll learn how to avoid the severe consequences of the CSRF attack. First, you'll discover how a CSRF attack works and how an attacker can take over a user's account with this attack. Next, you'll explore how the attacker can launch a CSRF attack as a result of insecure processing of an anti-CSRF token. Then, you'll learn how the attacker can switch a user to his account with a login CSRF attack. After that, you'll discover the importance of regeneration, and how the attacker can launch the CSRF attack when the anti-CSRF token is not regenerated at the time of authentication. Finally, you'll dive into an interesting case study of a CSRF attack. By the end of the course, you'll know how a CSRF attack works, how to test web applications for this attack, and how to prevent this attack from happening.

About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings. He has delivered security training courses at key industry conferences, such as Hack In The Box, CanSecWest, 44CON, Hack In Paris, DeepSec, BruCON, and for many corporate clients. His students include security specialists from Oracle, Adobe, Red H... more

Ready to upskill? Get started