Deck451 | Web Security Academy: CSRF — SameSite Strict bypass via sibling domain | Another SameSite=Strict bypass | Aug 3
Deck451 | Web Security Academy: CSRF — SameSite Strict bypass via client-side redirect | Bypassing SameSite=Strict cookie setting | Jul 28
Deck451 | Web Security Academy: CSRF — SameSite Lax bypass via method override | Nothing is bulletproof | Jul 21
Deck451 | Web Security Academy: CSRF — Token is duplicated in cookie | What could go wrong, right? | Jul 13
Deck451 | Web Security Academy: CSRF — Token is tied to non-session cookie | Right idea, wrong cookie | Jul 7
Deck451 | Web Security Academy: CSRF — Token is not tied to user session | CSRF tokens and user sessions | Jun 30
Deck451 | Web Security Academy: CSRF — Token validation depends on token being present | CSRF, tokens… and token validation mechanisms | Jun 24
Deck451 | Web Security Academy: CSRF — Token validation depends on request method | When validation occurs only on some types of requests | Jun 16
Deck451 | Web Security Academy: CSRF — Basic CSRF vulnerability with no defenses | Basic proof-of-concept CSRF lab | Jun 8
Deck451 | Web Security Academy: Path traversal — Validation of file extension with null byte bypass | Using null byte injection to bypass filename vali | Jun 1