Expert: Andreas Hallberg | Price: Free | Language: English

Defence against CSRF attacks - Cross Site Request Forgery (OWASP)

A live recorded session from Öredev 2015 with Andreas Hallberg, a top security consultant at TrueSec.

Oops, you clicked on a link! - The Jurassic web attack (CSRF)

Oops - you clicked on a link and unwittingly reconfigured your router, changed your tax refund account number and revealed your browsing history! 

How did this happen?

Shortly after your bank went online, attackers discovered the joy of Cross Site Request Forgery (CSRF). Some twenty years later it's still one of the most common web vulnerabilities. 

In this session we'll discuss what CSRF is, why it works, and how to protect your web application against it. We'll look at actual attacks and different flavors of CSRF. We'll discuss what kind of protection works and what doesn't, and why you must learn to love that same-origin policy thing that otherwise only seems to get in your way. 

Heck, there will even be some slides about 1995 and Netscape!

Learn more about hacker attacks and security

Trying things out on your own is often the key to real knowledge. Many of TrueSec's consultants run highly appreciated hands-on labs at LabCenter. Check out the security trainings!

Tags: Development | Öredev | Andreas Hallberg | Web | Apps | Hacking | Cyberattacks | Security | Cyber Security | cyber threat | Web application


Andreas Hallberg

Cyber Security Expert

Andreas Hallberg is a Security Software Engineer at TrueSec. When properly warmed up, Andreas can talk at length about secure development, web vulnerabilities and practical applications of cryptography.

He happily participates in large security-critical development projects, software security reviews and penetration tests.

He frequently posts updates on Twitter @andhallberg.

