Course: Programming Foundations: Web Security
Cross-Site Request Forgery (CSRF)
- A cross-site request forgery attack is when an attacker tricks a user's browser into sending a request to another site. Cross-site because the attack originates on one site but sends a request to another site and request forgery because the request is not a genuine user request. Cross-site request forgery is often shortened to CSRF. Imagine that a hacker wants to get a user to click a link. One way would be to name the link with something deceptive and post it online or send it in an email. The link hides the action but it requires a user to actually click on it. A CSRF does not depend on the user clicking a link. Instead, the attacker places the URL into the HTML of a page, most often as the source attribute of an image tag. When the page loads, the browser automatically sends a request for each of the images that are in the HTML. It doesn't matter that this image source will fail to return an image. The request will…
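An added example, not part of the course material: a server-side check aimed at the automatic image request described above. It goes beyond the excerpt by using the browser's Fetch Metadata request headers (`Sec-Fetch-Site`, `Sec-Fetch-Dest`); the `changesState` route flag and the sample requests are constructed for illustration.

```javascript
// Added example. Header names are the real Fetch Metadata request headers;
// the changesState flag and all sample requests are constructed.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// req.headers uses lower-case keys, as Node's http module provides them.
function evaluateRequest(req) {
  const method = req.method.toUpperCase();
  const site = req.headers["sec-fetch-site"]; // same-origin, same-site, cross-site, none
  const dest = req.headers["sec-fetch-dest"]; // image, document, empty, ...

  // Rule 1: a state-changing route never acts on a safe method, so a URL
  // placed in an image tag (always fetched with GET) cannot trigger it.
  if (req.changesState && SAFE_METHODS.has(method)) {
    return { allow: false, reason: "safe method on state-changing route" };
  }
  // Rule 2: a state change that the browser labels cross-site is refused.
  if (req.changesState && site === "cross-site") {
    return { allow: false, reason: "cross-site state change" };
  }
  // Rule 3: a cross-site load that is not a page navigation (image, script,
  // fetch) is refused even on a read-only route.
  if (site === "cross-site" && dest !== undefined && dest !== "document") {
    return { allow: false, reason: "cross-site subresource load" };
  }
  // Requests without Fetch Metadata (older browsers, non-browser clients)
  // pass rules 2 and 3, so a CSRF token check is still required elsewhere.
  return { allow: true, reason: "ok" };
}

const SAMPLES = [
  { name: "image tag on another site", method: "GET", changesState: true,
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "image" } },
  { name: "form posted from another site", method: "POST", changesState: true,
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "document" } },
  { name: "the site's own form", method: "POST", changesState: true,
    headers: { "sec-fetch-site": "same-origin", "sec-fetch-dest": "document" } },
  { name: "cross-site image of a read-only route", method: "GET", changesState: false,
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "image" } },
  { name: "link followed from another site", method: "GET", changesState: false,
    headers: { "sec-fetch-site": "cross-site", "sec-fetch-dest": "document" } },
  { name: "client without Fetch Metadata", method: "POST", changesState: true,
    headers: {} },
];

function runSamples() {
  return SAMPLES.map((s) => ({ name: s.name, ...evaluateRequest(s) }));
}

for (const r of runSamples()) console.log(r.allow ? "ALLOW" : "DENY ", r.name, "-", r.reason);
```

The last sample is allowed only because it carries no Fetch Metadata at all, which is why this check complements a CSRF token and does not replace one.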
Contents
- Types of credential attacks (4 min 55 sec)
- Strong passwords (4 min 1 sec)
- URL manipulation and Insecure Direct Object Reference (IDOR) (4 min 43 sec)
- SQL injection (6 min 16 sec)
- Cross-Site Scripting (XSS) (6 min 15 sec)
- Cross-Site Request Forgery (CSRF) (4 min 21 sec)
- Cross-Site Request protections (3 min 38 sec)
- Cookie visibility and theft (4 min 37 sec)
- Session hijacking (5 min 8 sec)
- Session fixation (3 min 18 sec)
- Remote system execution (2 min 8 sec)
- File upload abuse (2 min 59 sec)
- Denial of service (4 min 55 sec)