For some reason, Cross-Site Request Forgery has been a vulnerability I have had a hard time getting a full understanding of so I thought it would make a good topic for one of these posts. Before we can get into examples though, let's talk about what Cross-Site Request Forgery (CSRF) is. OWASP defines it as "an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated." They go into more detail, but let's pull that apart first. CSRF is all about having something happen within the context of a targeted…
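The excerpt above describes CSRF as an action carried out inside the victim's authenticated context. The following added example (not code from the post) makes that concrete with a small simulated state-changing endpoint: one version authorises on the session cookie alone and so accepts a request that an attacker-controlled page auto-submitted using the victim's browser, while the second also demands a per-session synchronizer token that the attacker's page cannot read. The `SESSIONS` store, the handler names, the transfer form fields and the "attacker.example" origin are all constructed for the illustration.

```python
import hmac
import secrets

# Constructed in-memory session store for the demonstration: session id -> session data.
SESSIONS = {}


def login(user):
    """Create a session and mint a per-session synchronizer token the server will later demand."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def transfer_vulnerable(request):
    """Authorises the state change on the session cookie alone.

    A form auto-submitted from an attacker-controlled page still arrives with the
    victim's cookie, because the browser attaches it to any request for this site,
    so this handler cannot tell a forged request from a genuine one.
    """
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401, "not logged in"
    form = request["form"]
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def transfer_protected(request):
    """Same handler, but it also requires the session's secret token in the request body.

    The attacker's page cannot read that token (the same-origin policy keeps the
    victim's pages and responses off limits), so a forged request lacks it.
    """
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401, "not logged in"
    form = request["form"]
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so a mismatch cannot be probed through timing differences.
    if not hmac.compare_digest(supplied.encode(), session["csrf"].encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def genuine_request(sid):
    """What the site's own page submits: the cookie plus the token it rendered into the form."""
    return {
        "cookies": {"sid": sid},
        "form": {"to": "bob", "amount": "10", "csrf_token": SESSIONS[sid]["csrf"]},
    }


def forged_request(sid):
    """What attacker.example's auto-submitting form produces: attacker-chosen fields,
    but the victim's own cookie, which the browser adds without the attacker seeing it."""
    return {
        "cookies": {"sid": sid},
        "form": {"to": "mallory", "amount": "1000"},
    }


def demo():
    """Run the forged and genuine requests against both handlers; returns the status codes."""
    sid = login("alice")
    return {
        "vulnerable_forged": transfer_vulnerable(forged_request(sid))[0],
        "protected_forged": transfer_protected(forged_request(sid))[0],
        "protected_genuine": transfer_protected(genuine_request(sid))[0],
    }


if __name__ == "__main__":
    print(demo())
```

The token has to be bound to the session (or derived from it) and checked on every state-changing request; a token that is merely present in the page but not compared against the session's value gives no protection.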
All posts in web app
Using Burp Suite to bypass anti-CSRF protections with the built-in Session Handling and Macro recorder.…
My thoughts on eLearnSecurity's Web App Penetration Testing course.…
JWT advantages and disadvantages with an emphasis on security implementations.…
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.…
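The RFC 7519 layout the excerpt refers to is three base64url segments, header.payload.signature, with the signature computed over the first two. The added example below (not code from the post) builds and verifies an HS256 token with only the standard library, and shows the two verifier-side mistakes that matter most in practice: honouring the `alg` the token itself declares (which is how `"alg":"none"` tokens get accepted) and skipping expiry. The key, claims and helper names are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time


class InvalidToken(Exception):
    pass


def b64url_encode(data: bytes) -> str:
    # JWT segments use unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_sign_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(claims, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [b64url_encode(signature)])


def jwt_verify_hs256(token: str, key: bytes, now=None) -> dict:
    """Return the claims only if the token is well-formed, HS256-signed with `key` and unexpired."""
    if not token.isascii():
        raise InvalidToken("token contains non-ASCII characters")
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    h64, p64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
    except ValueError as exc:
        raise InvalidToken(f"undecodable segment: {exc}")
    # Pin the algorithm on the verifier side. Honouring header["alg"] is what lets
    # "alg":"none" tokens and key-confusion tricks through.
    if header.get("alg") != "HS256":
        raise InvalidToken(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(key, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature does not verify")
    try:
        claims = json.loads(b64url_decode(p64))
    except ValueError as exc:
        raise InvalidToken(f"undecodable payload: {exc}")
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise InvalidToken("token expired")
    return claims


def claims_or_reason(token: str, key: bytes, now=None):
    """(claims, None) when the token verifies, (None, reason) when it is rejected."""
    try:
        return jwt_verify_hs256(token, key, now), None
    except InvalidToken as exc:
        return None, str(exc)


def demo(now=1_700_000_000):
    """Issue a token, then try the two classic forgeries and an expired token against the verifier."""
    key = b"constructed-demo-key-not-for-production"
    good = jwt_sign_hs256({"sub": "alice", "role": "user", "exp": now + 3600}, key)
    h64, p64, s64 = good.split(".")
    # Payload edited to escalate privileges; the HMAC cannot be recomputed without the key.
    tampered = ".".join([h64, b64url_encode(b'{"sub":"alice","role":"admin"}'), s64])
    # Signature stripped and the header rewritten to claim no signature is needed.
    unsigned = ".".join([b64url_encode(b'{"alg":"none","typ":"JWT"}'), p64, ""])
    return {
        "good": claims_or_reason(good, key, now),
        "tampered": claims_or_reason(tampered, key, now),
        "none": claims_or_reason(unsigned, key, now),
        "expired": claims_or_reason(good, key, now + 7200),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The verifier deliberately takes the expected algorithm as a fixed property of the code rather than reading it from the token; with a real library the equivalent is passing an explicit allowed-algorithms list to the decode call.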
As has been noted in the news and other blog posts over the previous months, there has been an upward trend in web applications utilizing JavaScript to mine for digital currencies.…
Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade, with a host of new features, including a new crawler, able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.…
Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause it to redirect the request to a URL contained within that untrusted input.…
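The check that distinguishes a validated redirect from an unvalidated one is the part that usually goes wrong, so the following added example (not code from the post) shows a deliberately trusting `next`-parameter handler beside a hardened one. The hardened version allows only same-site relative paths or absolute URLs whose host is on an allowlist, and handles the bypasses practitioners actually test for: protocol-relative `//host` URLs, backslash variants that browsers treat as slashes, userinfo tricks such as `https://allowed@evil`, and non-HTTP schemes. The allowlist hosts, fallback path and function names are constructed for the illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the demonstration.
ALLOWED_HOSTS = {"example.com", "www.example.com"}
SAFE_FALLBACK = "/"


def vulnerable_redirect_target(next_url: str) -> str:
    """Trusts the parameter outright: Location: <whatever the attacker put in ?next=>."""
    return next_url


def safe_redirect_target(next_url: str, allowed_hosts=ALLOWED_HOSTS, fallback=SAFE_FALLBACK) -> str:
    """Return next_url only if it points within the site; otherwise the safe fallback."""
    # Reject backslashes and control characters before parsing: browsers treat '\' like '/'
    # (so '/\\evil.com' becomes '//evil.com'), and CR/LF would let the value inject headers.
    if not next_url or any(c in next_url for c in "\\\r\n\t\x00"):
        return fallback
    parts = urlsplit(next_url)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative URL: scheme must be web, host must be allowlisted.
        # .hostname drops any 'user@' prefix and port, so 'https://example.com@evil.com' is
        # judged by its real host, evil.com.
        if parts.scheme.lower() not in ("http", "https"):
            return fallback
        if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
            return fallback
        return next_url
    # Relative URL: must be a single-slash absolute path on this site.
    if not parts.path.startswith("/") or parts.path.startswith("//"):
        return fallback
    return next_url


def demo():
    """Run a few typical and bypass-style values through both checks."""
    samples = [
        "/account",
        "https://www.example.com/dashboard",
        "https://evil.com/",
        "//evil.com/",
        "/\\evil.com",
        "https://example.com@evil.com/",
        "https://example.com.evil.com/",
        "javascript:alert(1)",
    ]
    return {s: (vulnerable_redirect_target(s), safe_redirect_target(s)) for s in samples}


if __name__ == "__main__":
    for value, (unchecked, checked) in demo().items():
        print(f"{value!r:40} unchecked -> {unchecked!r:40} checked -> {checked!r}")
```

Matching on the parsed host rather than on a string prefix is what stops `https://example.com.evil.com` and `https://example.com@evil.com`; a `startswith("https://example.com")` check passes both.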