Deck451 | Web Security Academy: CSRF — Token is duplicated in cookie | What could go wrong, right? | 22h ago
Deck451 | Web Security Academy: CSRF — Token is tied to non-session cookie | Right idea, wrong cookie | 6d ago
Deck451 | Web Security Academy: CSRF — Token is not tied to user session | CSRF tokens and user sessions | Jun 30
Deck451 | Web Security Academy: CSRF — Token validation depends on token being present | CSRF, tokens… and token validation mechanisms | Jun 24
Deck451 | Web Security Academy: CSRF — Token validation depends on request method | When validation occurs only on some types of requests | Jun 16
Deck451 | Web Security Academy: CSRF — Basic CSRF vulnerability with no defenses | Basic proof-of-concept CSRF lab | Jun 8
Deck451 | Web Security Academy: Path traversal — Validation of file extension with null byte bypass | Using null byte injection to bypass filename vali | Jun 1
Deck451 | Web Security Academy: Path traversal — Validation of start of path | Insufficient input validation can’t be good news | May 26
Deck451 | Web Security Academy: Path traversal — Traversal sequences stripped with superfluous URL-decode | Persistence is key | May 18
Deck451 | Web Security Academy: Path traversal — Traversal sequences stripped non-recursively | When the job is only halfway done… | May 11