Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico
Speaker:
Jim Manico
Manicode Security, Founder, CEO and Application Security Educator
Description
This technical talk on various forms of request forgery is for the software developer who needs to build secure web applications. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to. This attack type requires very specialized defense. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSFF is a direct attacker category meant to trick your servers into making additional requests than never intended to. Clickjacking is a way to trick users into taking action and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!
Managed by the OWASP® Foundation
https://owasp.org/
Видео Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico канала OWASP Foundation
Jim Manico
Manicode Security, Founder, CEO and Application Security Educator
Description
This technical talk on various forms of request forgery is for the software developer who needs to build secure web applications. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to. This attack type requires very specialized defense. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSFF is a direct attacker category meant to trick your servers into making additional requests than never intended to. Clickjacking is a way to trick users into taking action and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!
Managed by the OWASP® Foundation
https://owasp.org/
Видео Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico канала OWASP Foundation
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
WebAuthn: Strong Authentication vs Privacy vs Convenience - Suby Raman
Gobal AppSec Dublin: Server Side Prototype Pollution - Gareth Heyes
AppSec EU15 - Nicolas Gregoire - Server-Side Browsing Considered Harmful
Mobile DevSecOps 5 Tips from Building Mobile Apps Used by Millions Brian Reed
OWASP DefectDojo Project - Timo Pagel & Stefan Fleckenstein
Topics of Interest: Common NGINX Misconfigurations That Leave Your Web Server Open ... - S. Pearlman
Deserialization Vulnerability Remediation with Automated Gadget Chain Discovery - Ian Haken
All our APIs are belong to us - Jad Boutros - AppSec California 2016
AppSec EU15 - Martin Knobloch, Tobias Gondrom - Opening ceremony
AppSec EU15 - Luca De Fulgentis - Windows Phone App Security For Builders And Breakers
OWASP Flagship Projects: OWASP Dependency Track - Steve Springett
Threat Model-as-Code - Abhay Bhargav - AppSecUSA 2018
AppSecEU 16 - Arne Swinnen - The Tales of a Bug Bounty Hunter - 10 Interesting Vulnerabilities
OWASP Flagship Projects: OWASP Dependency-Check - Jeremy Long![[In]secure Deserialization, And How [Not] To Do It - Alexei Kojenov](https://i.ytimg.com/vi/Y0QxwRyqlh8/default.jpg)
[In]secure Deserialization, And How [Not] To Do It - Alexei Kojenov
Creating a Security Policy Framework That works Isaac Painter
Everything You Wanted to Know About Client side CSRF But Were Afraid to Ask - Soheil Khodayari
OWASP Juice Shop Project - Björn Kimminich
Federated Login CSRF - AppSecUSA 2017
Global AppSec Dublin: Developer Driven Security In High-Growth Environments - Jakub Kaluzny
OWASP AppSec Europe 2014 - DevOps Track