Скачать или смотреть Discover Juicy vulnerabilities using Burp Suite extensions - CSRF Scanner - Part 15 | Cyber Adam

Cross-site Request Forgery (CSRF) is an attack which forces an end user to execute unwanted actions on a web application to which he/she is currently authenticated. With a little help of social engineering (like sending a link via email / chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and may allow an attacker to perform an account hijack. If the targeted end user is the administrator account, this can compromise the entire web application.

Portswigger CSRF Lab links:
https://portswigger.net/web-security/...
https://portswigger.net/web-security/...
https://portswigger.net/web-security/...

-----------------
CHAPTERS
0:00 Intro
1:05 What is CSRF ?
3:25 Simple CSRF Example similar to Real world
6:21 CSRF Attack Vectors
9:17 Vulnerable labs to practice CSRF Vulnerability
9:43 Demo Time
9:53 Configuring Upload scanner extension in Burp
12:04 CSRF Vulnerability with no defenses
17:17 CSRF Where token validation depends on request method
21:48 CSRF Where token validation depends on Token being present
26:42 CSRF Mitigation
-----------------