CSRF vulnerabilities happen when attackers can initiate forged state-changing requests from a foreign domain. This usually occurs because the user’s browser sends session cookies regardless of where the request originates from.
Besides implementing CSRF tokens to ensure the authenticity of requests, another way of protecting against CSRF is
A web application instructs the user’s browser to set cookies via a Set-Cookie header. For example, this header will make the client browser set the value of the cookie

Besides the basic “cookie_name=cookie_value” designation, the Set-Cookie header allows several optional flags you can use to protect your users’ cookies. One of them is the SameSite flag, which helps prevent CSRF attacks. When the SameSite flag on a cookie is set to Strict, the client’s browser will not send the cookie during cross-site requests. …
Have you ever asked a question on the internet (on Twitter, Reddit, Stack Overflow) just to have it completely ignored?
Lately, I have received many questions about cybersecurity via email and Twitter DMs. And honestly, I am guilty of ignoring quite a few of them. The unfortunate truth is that there are a lot of people online asking technical questions and a much smaller number of people answering questions. When it comes down to it, there is simply not enough time to answer every question in detail.
However, there are things you can do to help people help you on the internet. …
Fuzzing is a way of finding bugs using automation. It involves providing a wide range of invalid and unexpected data to an application and then monitoring the application for exceptions. In particular, web application fuzzing is the field of fuzzing web applications to expose common web vulnerabilities, like injection issues, XSS, and more.
I’ve discussed how fuzzing can help you discover XSS and SQL injections automatically in an earlier article. If you haven’t already, please take a look to understand the basics of fuzzing!
But how do you fuzz a web application effectively? And how can you utilize tools to achieve your goals? Today, we’ll take a practical look at how to fuzz for the most common web vulnerabilities using the open-source tool Wfuzz. …