Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico
Speaker:
Jim Manico
Manicode Security, Founder, CEO and Application Security Educator
Description
This technical talk on various forms of request forgery is for the software developer who needs to build secure web applications. Cross-Site Request Forgery, or CSRF, allows an attacker to trick a user into submitting a transaction they never intended to. This attack type requires very specialized defense. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSRF is a direct attack category in which your servers are tricked into making additional requests that they were never intended to make. Clickjacking is a way to trick users into taking action and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!
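The abstract names the double-cookie submit pattern and SameSite cookies as CSRF defenses. The following is an added example, not code from the talk or from OWASP, showing the signed variant of that pattern: the server issues a token bound to the user's session by an HMAC, sends it both as a cookie (with SameSite=Strict and the __Host- prefix) and as a hidden form field, and on a state-changing request checks that both copies are present, identical, and carry a valid MAC. `SERVER_SECRET` and the session ids are constructed values; a real application would load the secret from its secret store and take the session id from its session layer.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed demo secret (assumption): in production this is loaded from a
# secret store and rotated; it never appears in source code.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"


def _mac_for(session_id: str, nonce: str) -> str:
    # Bind the nonce to the session so a token stolen from one session cannot
    # be replayed against another.
    msg = f"{session_id}!{nonce}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def build_csrf_cookie(session_id: str) -> Tuple[str, str]:
    """Issue a signed double-submit token and the Set-Cookie header carrying it.

    The same token is also placed in a hidden form field (or sent back in a
    request header by the page's own script); the cookie alone proves nothing,
    because the browser attaches cookies to forged requests automatically.
    """
    nonce = secrets.token_hex(16)                 # 128-bit random value
    token = f"{nonce}.{_mac_for(session_id, nonce)}"
    # __Host- prefix: browser refuses the cookie unless it is Secure, Path=/ and
    # has no Domain attribute. SameSite=Strict: the browser omits the cookie from
    # every cross-site request, so a forged form submission arrives without it.
    header = f"__Host-csrf={token}; Secure; Path=/; SameSite=Strict"
    return token, header


def validate_csrf(session_id: str,
                  cookie_token: Optional[str],
                  submitted_token: Optional[str]) -> bool:
    """Accept a state-changing request only if both token copies match and the
    MAC binds the token to this session. Every failure path returns False."""
    if not cookie_token or not submitted_token:
        return False                              # forged request: no form copy
    if not hmac.compare_digest(cookie_token, submitted_token):
        return False                              # copies disagree
    nonce, sep, mac = cookie_token.partition(".")
    if not sep or len(nonce) != 32:
        return False                              # malformed token
    return hmac.compare_digest(mac, _mac_for(session_id, nonce))


def handle_transfer(session_id: str, cookies: dict, form: dict) -> str:
    """Constructed request handler: the CSRF check runs before any side effect."""
    if not validate_csrf(session_id, cookies.get("__Host-csrf"), form.get("csrf")):
        return "403 Forbidden: CSRF token missing or invalid"
    return f"200 OK: transferred {form.get('amount')} to {form.get('to')}"


if __name__ == "__main__":
    token, set_cookie = build_csrf_cookie("sess-alice")
    print("Set-Cookie:", set_cookie)
    # Legitimate submission from the site's own form: cookie and field agree.
    print(handle_transfer("sess-alice", {"__Host-csrf": token},
                          {"csrf": token, "amount": "10", "to": "bob"}))
    # Cross-site form post: browser would attach the cookie only if SameSite
    # allowed it, and the attacker's form cannot contain the token anyway.
    print(handle_transfer("sess-alice", {"__Host-csrf": token},
                          {"amount": "10", "to": "mallory"}))
```

The form-field copy is what the attacker cannot supply: it lives only in pages served by the target origin, and the HMAC prevents an attacker from forging a matching pair of values without the server secret. SameSite=Strict is a second, independent layer in case a future browser quirk or subdomain cookie-setting issue leaks the cookie.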
Managed by the OWASP® Foundation
https://owasp.org/
Video "Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico" from the OWASP Foundation channel