CSRF - CSRF where Token is Duplicated in Cookie

However, if the web app also has a header injection vulnerability then it is possible to completely bypass the

ExpressJS security - CSRF signed double submit cookie

Bypassing CSRF Protections: A Double Defeat of the Double-Submit Cookie - David Johansson

Slide-deck: https://www.owasp.org/images/3/32/David_Johansson-Double_Defeat_of_Double-Submit_Cookie.pdf

Your App Is NOT Secure If You Don’t Use CSRF Tokens

Cross Site Request Forgery

CSRF: Signed Double Submit Cookie & 'Referer' validation vs MITM and vulnerable subdomains

CSRF

CSRF attack on expressjs with csurf in double submit cookie mode and cookie signing

See https://github.com/veryriskyrisk/csurf-attack-poc for the source code and instructions on how to reproduce on localhost.

Angular security - CSRF prevention using Double Submit Cookie

Angular security -

Security: CSRF: Signed Double Submit Cookie & 'Referer' validation vs MITM and vulnerable subdomains

CSRF

What is a CSRF token? — Cookies and CSRF explained for Django and Flask

Cookies

Cross-Site Request Forgery (CSRF) Explained

WebSecurity #

How Cross-Site Request Forgery (CSRF) Works & How to Prevent It

Is your application safe from

CSRF - Lab #6 CSRF where token is duplicated in cookie | Short Version

In this video, we cover Lab #6 in the