A live recorded session from Öredev 2015 with Andreas Hallberg, a top security consultant at TrueSec.
Oops, you clicked on a link! - The Jurassic web attack (CSRF)
Oops - you clicked on a link and unwittingly reconfigured your router, changed your tax refund account number and revealed your browsing history!
How did this happen?
Shortly after your bank went online, attackers discovered the joy of Cross-Site Request Forgery (CSRF). Some twenty years later, it's still one of the most common web vulnerabilities.
In this session we'll discuss what CSRF is, why it works, and how to protect your web application against it. We'll look at actual attacks and different flavors of CSRF. We'll discuss what kind of protection works and what doesn't, and why you must learn to love that same-origin policy thing that otherwise only seems to get in your way.
Heck, there will even be some slides about 1995 and Netscape!
Learn more about hacker attacks and security
Trying things on your own is often the key to real knowledge. Many of TrueSec's consultants run highly appreciated hands-on labs at LabCenter. Check out the security trainings here!