Prova nu

Hasty Treat - CSRF Explained

0 Recensioner
0
Episod
364 of 916
Längd
17min
Språk
Engelska
Format
Kategori
Fakta

In this Hasty Treat, Scott and Wes talk about CSRF (Cross Site Request Forgery)! Prismic - Sponsor Prismic is a Headless CMS that makes it easy to build website pages as a set of components. Break pages into sections of components using React, Vue, or whatever you like. Make corresponding Slices in Prismic. Start building pages dynamically in minutes. Get started at prismic.io/syntax. Sentry - Sponsor If you want to know what’s happening with your code, track errors and monitor performance with Sentry. Sentry’s Application Monitoring platform helps developers see performance issues, fix errors faster, and optimize their code health. Cut your time on error resolution from hours to minutes. It works with any language and integrates with dozens of other services. Syntax listeners new to Sentry can get two months for free by visiting Sentry.io and using the coupon code TASTYTREAT during sign up. Show Notes 05:40 - What is it? https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#samesite-cookie-attribute

Someone can submit a form FROM or TO your domain, automatically. 07:50 - Solutions SameSite Cookie https://medium.com/swlh/secure-httponly-samesite-http-cookies-attributes-and-set-cookie-explained-fc3c753dfeb6 Lax — Default value in modern browsers. Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by a third party website. The cookie is withheld on cross-site subrequests, such as calls to load images or frames, but is sent when a user navigates to the URL from an external site, such as by following a link. Strict — As the name suggests, this is the option in which the Same-Site rule is applied strictly. Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites. The browser sends the cookie only for same-site requests (that is, requests originating from the same site that set the cookie). If the request originated from a different URL than the current one, no cookies with the SameSite=Strict attribute are sent. None — Cookies will be sent in all contexts, i.e sending cross-origin is allowed. The browser sends the cookie with both cross-site and same-site requests. CSRF Token Check Origin / Referrer Headers Captcha Ask for Password Token Tweet us your tasty treats! Scott’s Instagram

LevelUpTutorials Instagram

Wes’ Instagram

Wes’ Twitter

Wes’ Facebook

Scott’s Twitter

Make sure to include @SyntaxFM in your tweets

Föregående AvsnittNästa Avsnitt

Lyssna när som helst, var som helst

Kliv in i en oändlig värld av stories

  • 1 miljon stories
  • Hundratals nya stories varje vecka
  • Få tillgång till exklusivt innehåll
  • Avsluta när du vill
Starta erbjudandet
SE - Details page - Device banner - 894x1036

Andra podcasts som du kanske gillar...

  1. Still Online - La nostra eredità digitaleBeatrice Petrella
  2. Skåret i stykkerB.T.
  3. Stærke portrætterALT for damerne
  4. Følg med migKristoffer Lind
  5. Der er så meget, mænd ikke forstårRikke Dal Støttrup
  6. Anupama Chopra ReviewsFilm Companion
  7. FC PopCornFilm Companion
  8. Do I Like It?The Quint
  9. POTUS: ClintonlandAnders Agner Pedersen
  10. På sporet af lykkenNeal Ashley Conrad Thing
  1. Still Online - La nostra eredità digitaleBeatrice Petrella
  2. Skåret i stykkerB.T.
  3. Stærke portrætterALT for damerne
  4. Følg med migKristoffer Lind
  5. Der er så meget, mænd ikke forstårRikke Dal Støttrup
  6. Anupama Chopra ReviewsFilm Companion
  7. FC PopCornFilm Companion
  8. Do I Like It?The Quint
  9. POTUS: ClintonlandAnders Agner Pedersen
  10. På sporet af lykkenNeal Ashley Conrad Thing
Läs mer
Utforska
Användbara länkar
Språk och region

  • Svenska

  • Sverige

  • App Store
  • Google Play
Följ oss