Deck451 in OSINT Team | Web Security Academy: CSRF — Broken Referer validation | How not to do referer validation — reloaded | Sep 29
Deck451 in OSINT Team | Web Security Academy: CSRF — Referer validation depends on header being present | How not to do referer validation | Sep 21
Deck451 in OSINT Team | Web Security Academy: CSRF — SameSite Lax bypass via cookie refresh | Bypassing SameSite=Lax cookie setting | Aug 20
Deck451 | Web Security Academy: CSRF — SameSite Strict bypass via sibling domain | Another SameSite=Strict bypass | Aug 3
Deck451 | Web Security Academy: CSRF — SameSite Strict bypass via client-side redirect | Bypassing SameSite=Strict cookie setting | Jul 28
Deck451 | Web Security Academy: CSRF — SameSite Lax bypass via method override | Nothing is bulletproof | Jul 21
Deck451 | Web Security Academy: CSRF — Token is duplicated in cookie | What could go wrong, right? | Jul 13
Deck451 | Web Security Academy: CSRF — Token is tied to non-session cookie | Right idea, wrong cookie | Jul 7
Deck451 | Web Security Academy: CSRF — Token is not tied to user session | CSRF tokens and user sessions | Jun 30
Deck451 | Web Security Academy: CSRF — Token validation depends on token being present | CSRF, tokens… and token validation mechanisms | Jun 24