
CHAPTER 5

Cross-Site Request Forgery Defense and Clickjacking

Cross-Site Request Forgery (CSRF) attacks, as the name implies, trick the browser into making unauthorized requests on the victim’s behalf, often without the victim’s knowledge. This vulnerability is also called “session riding” because it often takes advantage of a legitimate user’s existing authenticated session on the vulnerable site. The main defenses we will discuss in this chapter include the synchronizer token pattern, the use of re-authentication or other authentication challenges, Referer header verification, as well as stateless defenses such as the double-submit cookie defense. ...
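The three mechanical defenses named above (synchronizer token, Referer/Origin verification, and double-submit cookie) are shown below in a small self-contained module. This is an added example written for this page, not code from the book or its authors; the function names, the in-memory `SESSION_STORE` stand-in for a server-side session, and the use of an HMAC-signed cookie (the "signed" variant of double-submit, which binds the cookie to the session so that a cookie planted by another party cannot be replayed) are assumptions that go a little beyond the text.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed stand-in for a server-side session store: session_id -> attributes.
SESSION_STORE = {}

# Server-only secret for the signed double-submit variant (assumption: rotated by ops).
SERVER_KEY = secrets.token_bytes(32)


def _equal(a, b):
    # Constant-time comparison; encode first so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


# --- Synchronizer token pattern (stateful) -------------------------------
def issue_synchronizer_token(session_id):
    """Generate a random per-session token and keep it server-side.

    The token is rendered into each state-changing form as a hidden field.
    """
    token = secrets.token_hex(32)
    SESSION_STORE.setdefault(session_id, {})["csrf_token"] = token
    return token


def verify_synchronizer_token(session_id, submitted):
    """Accept the request only if the submitted token matches the session's."""
    expected = SESSION_STORE.get(session_id, {}).get("csrf_token")
    if expected is None or not submitted:
        return False
    return _equal(expected, submitted)


# --- Double-submit cookie (stateless) ------------------------------------
def issue_double_submit_cookie(session_id):
    """Build 'nonce.signature', where the signature binds the nonce to the session.

    The same value is set as a cookie and echoed back by the page in a
    request parameter or header; no server-side storage is required.
    """
    nonce = secrets.token_hex(16)
    sig = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{sig}"


def verify_double_submit(session_id, cookie_value, submitted_value):
    """Require cookie == submitted value AND a valid signature for this session."""
    if not cookie_value or not submitted_value:
        return False
    if not _equal(cookie_value, submitted_value):
        return False
    nonce, _, sig = cookie_value.partition(".")
    if not sig:
        return False
    expected = hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return _equal(expected, sig)


# --- Origin / Referer verification ---------------------------------------
def verify_source_origin(headers, allowed_host):
    """Check that the request claims to come from our own host.

    Prefers Origin, falls back to Referer; a request with neither header is
    rejected (strict mode), which is the safe default for state-changing
    endpoints even though some clients legitimately suppress Referer.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    host = urlsplit(source).hostname  # "null" or garbage parses to None
    return host is not None and host.lower() == allowed_host.lower()


def is_request_authorized(session_id, headers, form_token, allowed_host):
    """Defense in depth: origin check plus the synchronizer token must both pass."""
    return verify_source_origin(headers, allowed_host) and verify_synchronizer_token(
        session_id, form_token
    )


if __name__ == "__main__":
    sid = "sess-demo"
    tok = issue_synchronizer_token(sid)
    hdrs = {"Origin": "https://bank.example"}
    print("legit request:", is_request_authorized(sid, hdrs, tok, "bank.example"))
    print("forged request:", is_request_authorized(sid, {"Referer": "https://other.example/"}, tok, "bank.example"))
```

Both token schemes compare with `hmac.compare_digest` so that a wrong token costs the same time as a right one, and the origin check is layered in front of the token check rather than replacing it, since either header can be absent on legitimate traffic.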
