CSRF: The Sleeping Giant - 🛡️ Defending Against Cross-Site Request Forgery via SameSite Cookies
The video provides a comprehensive deep dive into Cross-Site Request Forgery (CSRF), a web vulnerability that tricks a user's browser into executing unwanted actions on a website where the user is already authenticated.
Key Sections of the Presentation:
Anatomy of a CSRF Attack (1:26): Explains how browsers act as "naive assistants" that automatically attach session cookies to requests. The attacker leverages this by embedding malicious requests in links or images.
Infamous Real-World Heists (3:47): Highlights how major platforms such as YouTube, ING Direct, McAfee, and TikTok have faced CSRF vulnerabilities in the past, showing that it is a serious, high-impact threat.
SameSite Cookie Defense (5:34): Discusses the SameSite cookie attribute, which tells the browser whether to send cookies during cross-site requests. The video details the evolution from ignoring this setting to modern browsers enforcing Lax as the default.
Tokens, Headers, and Metadata (8:32): Outlines layered defenses, including Synchronizer Tokens, Double Submit Cookies, and Fetch Metadata headers (e.g., Sec-Fetch-Site), which verify the context of a request.
Client-Side CSRF (10:32): Explains an advanced variant where attackers manipulate front-end JavaScript rather than forging requests directly, effectively bypassing traditional server-side defenses.
Building a Bulletproof Web Vault (11:45): Concludes with a masterclass implementation guide, emphasizing the use of framework-native protections, strict SameSite policies, and the fundamental rule: never use a GET request to change data on the server.
Ultimately, the video stresses that there is no "silver bullet" and encourages a strategy of defense-in-depth to keep applications secure.
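As an added example that is not part of the video or the channel's material, here is a request-context check in JavaScript built on the Fetch Metadata headers (Sec-Fetch-Site and friends) and the SameSite cookie attributes the summary mentions; the header names and values are the real ones, while the functions and sample requests are constructed here.

```javascript
// Constructed example: a Fetch Metadata based "resource isolation" check for application
// endpoints, meant to sit alongside SameSite cookies and CSRF tokens (defense in depth),
// not to replace them. Header names are assumed lower-cased, as Node's http module does.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Returns { allowed, reason } for a request described by its method and headers.
function evaluateRequest({ method, headers }) {
  const m = method.toUpperCase();
  const site = headers['sec-fetch-site']; // absent on clients without Fetch Metadata
  const mode = headers['sec-fetch-mode'];
  const dest = headers['sec-fetch-dest'];

  if (site === undefined) {
    // Old browser or non-browser client: no signal here, so fall through to
    // the token check (synchronizer token / double submit) the server runs anyway.
    return { allowed: true, reason: 'no-fetch-metadata' };
  }
  if (site === 'same-origin' || site === 'same-site' || site === 'none') {
    // 'none' means user-initiated (typed URL, bookmark), which is not a forgery.
    return { allowed: true, reason: site };
  }
  // Cross-site from here on. Allow only top-level navigations with a safe method:
  // the "never change state on GET" rule is what makes those harmless. Cross-site
  // image/form/fetch requests (the classic <img src=...> trick) are refused.
  if (mode === 'navigate' && SAFE_METHODS.has(m) && dest !== 'object' && dest !== 'embed') {
    return { allowed: true, reason: 'cross-site-navigation' };
  }
  return { allowed: false, reason: 'cross-site-' + m.toLowerCase() };
}

// Set-Cookie value with the attributes the SameSite section recommends.
// Lax is the modern browser default; pass 'Strict' for high-value sessions.
function sessionCookie(name, value, sameSite = 'Lax') {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=${sameSite}`;
}

// Constructed sample requests: a forged cross-site POST, a cross-site <img> load,
// and a legitimate same-origin form submission.
const samples = {
  forgedPost: { method: 'POST', headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'cors', 'sec-fetch-dest': 'empty' } },
  imageTrick: { method: 'GET', headers: { 'sec-fetch-site': 'cross-site', 'sec-fetch-mode': 'no-cors', 'sec-fetch-dest': 'image' } },
  ownForm: { method: 'POST', headers: { 'sec-fetch-site': 'same-origin', 'sec-fetch-mode': 'navigate', 'sec-fetch-dest': 'document' } },
};
for (const [name, req] of Object.entries(samples)) {
  console.log(name, evaluateRequest(req));
}
```

Public static assets (images, fonts) that other sites may legitimately embed need a looser policy than this; apply the check to state-changing and data-returning application routes.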
A Channel to share useful knowledge / Skill 🤓
A cheerful channel for sharing practical knowledge / tips 😆
Video "CSRF: The Sleeping Giant - 🛡️ Defending Against Cross-Site Request Forgery via SameSite Cookies" from the channel Growth From Newbie
Video information
22 May 2026, 17:49:25
00:13:44