XSRF How it works 3 - form is submitted on bank.com 4 - bank.com - - PowerPoint PPT Presentation




SLIDE 1

XSRF

SLIDE 2

How it works

1 - user goes to evil.fish

2 - evil.fish includes form on bank.com

3 - form is submitted on bank.com

4 - bank.com helpfully transfers money into trout’s account

SLIDE 3

Defenses

  • Form keys
  • Check HTTP referer
  • CSRF tokens
  • Short cookie expiration date
  • Encourage users to log out
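The attack on slide 2 and the first three defenses on slide 3, as an added Python example (not from the slides): bank.com embeds a per-session form key in its transfer form, checks it with a constant-time compare, and also checks the Origin/Referer header. The secret, the allowed-origin set and the handler are constructed assumptions.

```python
import hmac
import hashlib
from typing import Optional

# Constructed demo values (assumptions, not from the slides).
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
ALLOWED_ORIGINS = {"https://bank.com"}


def make_csrf_token(session_id: str) -> str:
    """Derive the per-session form key bank.com embeds as a hidden field.

    evil.fish cannot compute it: it never sees the server secret, and the
    browser only sends the victim's cookie, not the page that contained it.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time comparison so the key cannot be guessed byte by byte."""
    if not submitted:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), submitted)


def origin_is_trusted(headers: dict) -> bool:
    """Second layer: the submitting page must itself be on bank.com."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    # Exact match or a path under the origin; "https://bank.com.evil.fish/" fails.
    return any(source == o or source.startswith(o + "/") for o in ALLOWED_ORIGINS)


def handle_transfer(session_id: str, form: dict, headers: dict) -> str:
    """Server side of step 3: the session cookie alone is not enough to act."""
    if not token_is_valid(session_id, form.get("csrf_token")):
        return "rejected: missing or wrong form key"
    if not origin_is_trusted(headers):
        return "rejected: untrusted origin"
    return f"transferred {form['amount']} to {form['to']}"


if __name__ == "__main__":
    sid = "victim-session"  # constructed: the cookie the browser attaches in step 3
    forged = {"to": "trout", "amount": "1000"}  # form hosted on evil.fish (step 2)
    print(handle_transfer(sid, forged, {"Referer": "https://evil.fish/"}))
    legit = dict(forged, to="alice", csrf_token=make_csrf_token(sid))
    print(handle_transfer(sid, legit, {"Origin": "https://bank.com"}))
```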

SLIDE 4

Homework

  • https://google-gruyere.appspot.com/