image Get the whitepaper, toolkits & remediation guides → http1mustdie.com
Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

Cross-site request forgery (CSRF)

This learning path covers CSRF (Cross-Site Request Forgery). You'll learn about some common CSRF vulnerabilities, and how to prevent them.

Contents

Get started: What is CSRF?

0 of 49

GET STARTED

What is CSRF? 0 of 1

What is CSRF? APPRENTICE Get started

What is the impact of a CSRF attack? 0 of 1

What is the impact of a CSRF attack? APPRENTICE

How does CSRF work? 0 of 4

How does CSRF work? APPRENTICE

How does CSRF work? - Continued APPRENTICE

How does CSRF work? - Continued APPRENTICE

How does CSRF work? - Continued APPRENTICE

How to construct a CSRF attack 0 of 2

How to construct a CSRF attack APPRENTICE

Lab: CSRF vulnerability with no defenses APPRENTICE

How to deliver a CSRF exploit 0 of 1

How to deliver a CSRF exploit APPRENTICE

Common defences against CSRF 0 of 1

Common defences against CSRF APPRENTICE

What is a CSRF token? 0 of 2

What is a CSRF token? APPRENTICE

What is a CSRF token? - Continued APPRENTICE

Common flaws in CSRF token validation 0 of 12

Common flaws in CSRF token validation APPRENTICE

Validation of CSRF token depends on request method APPRENTICE

Lab: CSRF where token validation depends on request method PRACTITIONER

Validation of CSRF token depends on token being present APPRENTICE

Lab: CSRF where token validation depends on token being present PRACTITIONER

CSRF token is not tied to the user session APPRENTICE

Lab: CSRF where token is not tied to user session PRACTITIONER

CSRF token is tied to a non-session cookie APPRENTICE

CSRF token is tied to a non-session cookie - Continued APPRENTICE

Lab: CSRF where token is tied to non-session cookie PRACTITIONER

CSRF token is simply duplicated in a cookie APPRENTICE

Lab: CSRF where token is duplicated in cookie PRACTITIONER

Bypassing SameSite cookie restrictions 0 of 1

Bypassing SameSite cookie restrictions APPRENTICE

What is a site in the context of SameSite cookies? 0 of 2

What is a site in the context of SameSite cookies? APPRENTICE

What's the difference between a site and an origin? APPRENTICE

How does SameSite work? 0 of 6

How does SameSite work? APPRENTICE

How does SameSite work? - Continued APPRENTICE

Strict APPRENTICE

Lax APPRENTICE

None APPRENTICE

None - Continued APPRENTICE

Bypassing SameSite Lax restrictions using GET requests 0 of 3

Bypassing SameSite Lax restrictions using GET requests APPRENTICE

Bypassing SameSite Lax restrictions using GET requests - Continued APPRENTICE

Lab: SameSite Lax bypass via method override PRACTITIONER

Bypassing SameSite restrictions using on-site gadgets 0 of 3

Bypassing SameSite restrictions using on-site gadgets APPRENTICE

Bypassing SameSite restrictions using on-site gadgets - Continued APPRENTICE

Lab: SameSite Strict bypass via client-side redirect PRACTITIONER

Bypassing SameSite restrictions via vulnerable sibling domains 0 of 2

Bypassing SameSite restrictions via vulnerable sibling domains APPRENTICE

Lab: SameSite Strict bypass via sibling domain PRACTITIONER

Bypassing SameSite Lax restrictions with newly issued cookies 0 of 3

Bypassing SameSite Lax restrictions with newly issued cookies APPRENTICE

Bypassing SameSite Lax restrictions with newly issued cookies - Continued APPRENTICE

Lab: SameSite Lax bypass via cookie refresh PRACTITIONER

Bypassing referer-based CSRF defenses 0 of 1

Bypassing Referer-based CSRF defenses APPRENTICE

Validation of Referer depends on header being present 0 of 2

Validation of Referer depends on header being present APPRENTICE

Lab: CSRF where Referer validation depends on header being present PRACTITIONER

Validation of Referer can be circumvented 0 of 2

Validation of Referer can be circumvented APPRENTICE

Lab: CSRF with broken Referer validation PRACTITIONER