SecAppDev 2024 lecture details

The Past, Present, and Future of CSRF/CORF

Explore the evolution of CSRF and Cross-Origin Request Forgery, their impact on modern API-based applications, and how to effectively use defenses like SameSite cookies and Cross-Origin Resource Sharing.

Tuesday, June 4th, 11:00 - 12:30
Room West Wing
Abstract

Cross-Site Request Forgery (CSRF) attacks have plagued developers for over a decade, evolving alongside the web itself. This session traces CSRF's evolution, its recent variant, Cross-Origin Request Forgery (CORF), and the effectiveness of modern defenses like SameSite cookies. We also explore the reincarnation of CSRF in APIs and how you can properly defend against these attacks. You'll gain insights into the anatomy of these attacks, the prerequisites for vulnerability, and best-practice defenses, ensuring a comprehensive understanding of CSRF and how to effectively mitigate it.

Key takeaway

Gain a deep understanding of CSRF attacks, the conditions that lead to vulnerability, and how to implement best-practice defenses to safeguard your applications.

Content level

Deep-dive

Target audience

Web application developers and architects, security professionals

Prerequisites

A basic understanding of web applications and cookies

Join us for SecAppDev. You will not regret it!

Philippe De Ryck

Security Expert, Pragmatic Web Security

Expertise: Web security, API security, OAuth 2.0, OpenID Connect
