Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico скачать в хорошем качестве

Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking - Jim Manico

Speaker: Jim Manico Manicode Security, Founder, CEO and Application Security Educator Description This technical talk on various forms of request forgery is for the software developer who needs to build secure web applications. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to. This attack type requires very specialized defense. We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSFF is a direct attacker category meant to trick your servers into making additional requests than never intended to. Clickjacking is a way to trick users into taking action and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk! Managed by the OWASP® Foundation https://owasp.org/