Chapter 3

Cross-Site Request Forgery (CSRF)

Mike Shemamikeshema@yahoo.com

487 Hill Street, San Francisco, CA 94114, USA

Tel.: +1 (415) 871 3880.

Information in this chapter:

 Understanding Cross-Site Request Forgery

 Understanding Clickjacing

 Securing the Browsing Context

Imagine standing at the edge of a field, prepared to sprint across it. Now imagine your hesitation knowing the field, peppered with wildflowers under a clear blue sky, is strewn with mines. The consequences of a misstep would be dire and gruesome. Browsing the web carries a metaphorical similarity that while obviously not hazardous to life and limb still poses a threat to the security of your personal information. This chapter is dedicated to a type of hack in which your browser ...

Get Hacking Web Apps now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.