Description: With more web applications using persistent logins and users keeping more applications open in browser tabs, Cross-Site Request Forgery (CSRF) is an attractive vulnerability for malicious actors to exploit. CSRF is one of the OWASP Top 10, and rightfully so. This talk will describe the vulnerability, show some examples (maybe demonstrate it, demo gods willing), and then show a few techniques to prevent and mitigate abuse.
Bio: Barry is a professional software developer with some professional experience, primarily as a web developer using C# and .NET, and he detangles JavaScript and SQL as needed. Barry is also a member of his local OWASP chapter in Bloomington, where he practices conference talks. In his free time, he plays video games and practices lockpicking with the Bloomington Fraternal Order of Locksport. You may have met him at the Lockpicking Villages of CircleCityCon or DerbyCon.
For more information, please visit:
- http://circlecitycon.com/
- http://www.irongeek.com/i.php?page=videos/circlecitycon2015/mainlist
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.