Course: Programming Foundations: Web Security
Cross-Site Request protections
- Let's learn how to protect our websites from cross site request forgery attacks. The simplest defense against CSRF attacks is to put thought into which pages use GET and POST requests. Use GET requests for retrieving data, not for actions which make changes. Use POST requests such as form submissions for actions which make changes. An image source tag will always send a GET request. The HTML is expecting to read an image, not to make a change. If the bank required transfers to use POST requests, then this URL would be rejected for being the wrong request type. Now, this does not prevent all CSRF attacks, but it prevents those that are easiest to craft. The strongest defense against CSRF attacks is to use CSRF tokens. Here's how it works. First, you generate a long, unique random string which can act as a token. Then you store it in the user's session data. The session data is usually kept on the server so that…
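The two defenses the transcript describes, rejecting GET for state-changing actions and checking a per-session synchronizer token on POST, shown in working code. This is an added example, not the course's own code: the in-memory session dict, the `/transfer` endpoint, the request parameters and the `handle_transfer` helper are all constructed for illustration, and the comparison uses a constant-time check so the token cannot be guessed byte by byte.

```python
import hmac
import secrets

# Added illustration (not from the course). A session is modelled as a plain
# dict that would normally be looked up from the session cookie on the server.
SESSION_KEY = "csrf_token"


def issue_csrf_token(session):
    """Generate one long random token per session and keep it server-side."""
    token = session.get(SESSION_KEY)
    if token is None:
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        session[SESSION_KEY] = token
    return token


def render_transfer_form(session):
    """Embed the session's token in the form as a hidden field.

    token_urlsafe only emits [A-Za-z0-9_-], so no HTML escaping is needed here;
    a token containing other characters would have to be escaped.
    """
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount">'
        "<button>Transfer</button></form>"
    )


def csrf_token_valid(session, submitted):
    """Compare the submitted token with the stored one in constant time."""
    expected = session.get(SESSION_KEY)
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def handle_transfer(method, params, session):
    """Hypothetical state-changing endpoint: POST only, token required.

    Returns an (HTTP status, message) tuple.
    """
    if method != "POST":
        # An <img src="/transfer?..."> on an attacker's page can only send GET,
        # so the request is refused before any money moves.
        return 405, "Method Not Allowed: transfers must use POST"
    if not csrf_token_valid(session, params.get("csrf_token")):
        # A cross-site form POST carries the victim's cookies but cannot read
        # the token out of the victim's page, so it fails here.
        return 403, "Forbidden: missing or invalid CSRF token"
    return 200, f"Transferred {params['amount']} to {params['to']}"


if __name__ == "__main__":
    session = {}
    # Forged GET from an image tag on a malicious page.
    print(handle_transfer("GET", {"to": "mallory", "amount": "1000"}, session))
    # Forged POST from a hidden auto-submitting form: cookies sent, no token.
    print(handle_transfer("POST", {"to": "mallory", "amount": "1000"}, session))
    # Legitimate flow: the bank renders the form, then the browser posts it back.
    form = render_transfer_form(session)
    token = session[SESSION_KEY]
    print(handle_transfer("POST", {"to": "bob", "amount": "10", "csrf_token": token}, session))
```

The token is generated once per session rather than per request so that a user with several tabs open does not invalidate one form by loading another; rotating it on login still limits how long a leaked token is useful.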
Contents
- Types of credential attacks (4 min 55 s)
- Strong passwords (4 min 1 s)
- URL manipulation and Insecure Direct Object Reference (IDOR) (4 min 43 s)
- SQL injection (6 min 16 s)
- Cross-Site Scripting (XSS) (6 min 15 s)
- Cross-Site Request Forgery (CSRF) (4 min 21 s)
- Cross-Site Request protections (3 min 38 s)
- Cookie visibility and theft (4 min 37 s)
- Session hijacking (5 min 8 s)
- Session fixation (3 min 18 s)
- Remote system execution (2 min 8 s)
- File upload abuse (2 min 59 s)
- Denial of service (4 min 55 s)