Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Cross-site request forgery (CSRF)

This learning path covers CSRF (Cross-Site Request Forgery). You'll learn about some common CSRF vulnerabilities, and how to prevent them.

Contents

Get started: What is CSRF?

0 of 49

GET STARTED

What is CSRF? 0 of 1

What is CSRF? Get started

What is the impact of a CSRF attack? 0 of 1

What is the impact of a CSRF attack?

How does CSRF work? 0 of 4

How does CSRF work?

How does CSRF work? - Continued

How does CSRF work? - Continued

How does CSRF work? - Continued

How to construct a CSRF attack 0 of 2

How to construct a CSRF attack

Lab: CSRF vulnerability with no defenses APPRENTICE

How to deliver a CSRF exploit 0 of 1

How to deliver a CSRF exploit

Common defences against CSRF 0 of 1

Common defences against CSRF

What is a CSRF token? 0 of 2

What is a CSRF token?

What is a CSRF token? - Continued

Common flaws in CSRF token validation 0 of 12

Common flaws in CSRF token validation

Validation of CSRF token depends on request method

Lab: CSRF where token validation depends on request method PRACTITIONER

Validation of CSRF token depends on token being present

Lab: CSRF where token validation depends on token being present PRACTITIONER

CSRF token is not tied to the user session

Lab: CSRF where token is not tied to user session PRACTITIONER

CSRF token is tied to a non-session cookie

CSRF token is tied to a non-session cookie - Continued

Lab: CSRF where token is tied to non-session cookie PRACTITIONER

CSRF token is simply duplicated in a cookie

Lab: CSRF where token is duplicated in cookie PRACTITIONER

Bypassing SameSite cookie restrictions 0 of 1

Bypassing SameSite cookie restrictions

What is a site in the context of SameSite cookies? 0 of 2

What is a site in the context of SameSite cookies?

What's the difference between a site and an origin?

How does SameSite work? 0 of 6

How does SameSite work?

How does SameSite work? - Continued

Strict

Lax

None

None - Continued

Bypassing SameSite Lax restrictions using GET requests 0 of 3

Bypassing SameSite Lax restrictions using GET requests

Bypassing SameSite Lax restrictions using GET requests - Continued

Lab: SameSite Lax bypass via method override PRACTITIONER

Bypassing SameSite restrictions using on-site gadgets 0 of 3

Bypassing SameSite restrictions using on-site gadgets

Bypassing SameSite restrictions using on-site gadgets - Continued

Lab: SameSite Strict bypass via client-side redirect PRACTITIONER

Bypassing SameSite restrictions via vulnerable sibling domains 0 of 2

Bypassing SameSite restrictions via vulnerable sibling domains

Lab: SameSite Strict bypass via sibling domain PRACTITIONER

Bypassing SameSite Lax restrictions with newly issued cookies 0 of 3

Bypassing SameSite Lax restrictions with newly issued cookies

Bypassing SameSite Lax restrictions with newly issued cookies - Continued

Lab: SameSite Lax bypass via cookie refresh PRACTITIONER

Bypassing referer-based CSRF defenses 0 of 1

Bypassing Referer-based CSRF defenses

Validation of Referer depends on header being present 0 of 2

Validation of Referer depends on header being present

Lab: CSRF where Referer validation depends on header being present PRACTITIONER

Validation of Referer can be circumvented 0 of 2

Validation of Referer can be circumvented

Lab: CSRF with broken Referer validation PRACTITIONER