Course info
October 9, 2017
51m 13s

Cross-Site Request Forgery (CSRF) is one of the most prevalent attacks in modern web applications. In this course, Web App Hacking: Cross-Site Request Forgery (CSRF), you'll learn how to avoid the severe consequences of the CSRF attack. First, you'll discover how a CSRF attack works and how an attacker can take over a user's account with this attack. Next, you'll explore how the attacker can launch a CSRF attack as a result of insecure processing of an anti-CSRF token. Then, you'll learn how the attacker can switch a user to his account with a login CSRF attack. After that, you'll discover the importance of regeneration, and how the attacker can launch the CSRF attack when the anti-CSRF token is not regenerated at the time of authentication. Finally, you'll dive into an interesting case study of a CSRF attack. By the end of the course, you'll know how a CSRF attack works, how to test web applications for this attack, and how to prevent this attack from happening.

About the author
About the author

Dawid Czagan is listed among the Top 10 Hackers by HackerOne. He has found security vulnerabilities in Google, Yahoo, Mozilla, Microsoft, Twitter, and other companies. Due to the severity of these bugs, he has received numerous awards for his findings.

More from the author
Web App Hacking: Hacking XML Processing
50m 16s
23 Jan 2018
Web App Hacking: Caching Problems
45m 41s
10 May 2017
More courses by Dawid Czagan