Collaborate Disseminate
I am working on the DVWA’s CSRF lab with the security setting to low. The DVWA is running on localhost:4280. The SameSite cookie attribute is not set (to Lax or Strict), and thus cross-site requests should be possible.
On http://localhost:… Continue reading CSRF not sending correct cookie (Damn Vulnerable Web App test)
How to gather the csrf token on a login page and analyze the vulnerabilities on csrf token using Burp?
I am doing some security research on an application and I am wondering where it is based on.
It appears to be changing each request (so not bound to a user session). Is it just a random value, which should exists within the system or even … Continue reading Where is the .NET __RequestVerificationToken based on?
How does one balance security and usability when using nonces on a website?
Imagine a website where the same nonce is embedded in the page, and stored in the browser session.
If I were to replace the nonce on every page load then:
The use… Continue reading Balancing security with usability when using nonce for CSRF protection
What I have understood (I guess):
Cross-origin Cookies:
Cookies set with Domain="example.com" are not sent with fetch requests from origins like hello.example2.com to mywebsite.example.com because they are different domains. How… Continue reading Understanding Cross-Domain Cookies and `SameSite` Attributes with Express.js and Third-Party Tracking
I’m having a really hard time understanding why the state should be used to protect against CSRF at the OAuth 2.0 login flow.
Imagine I have an Authorization Server with a legitimate client registered with the client_id of my-app-123 and t… Continue reading OAuth 2.0 – why is the state parameter needed in order to prevent CSRF at authorization code login flow?
I have a backend for a mobile application that has to serve large JSON responses from time to time, the transfer would be greatly helped by enabling compression, especially when the user has bad coverage.
Googling it seems like enabling co… Continue reading HTTPs compression, CSRF and mobile apps
To allow cookies to be sent to my ExpressJS server,credentials: true has to be set in my CORS config.
What potential security risks/ vulnerabilities could arise from this configuration?
If possible, how could said risks be mitigated in pra… Continue reading CORS credentials option set to true
When I was originally developing my website, I made sure to include cross-site request forgery tokens in most endpoints and forms, etc., because I knew it was a highly recommended thing to do.
But of course, as time went on and my site gre… Continue reading Does the absence of CSRF tokens need to be fixed as soon as possible?
Recently I was reading about CSRF prevention techniques like Synchronizer Token, Cookie-to-header, and Double Submit Cookie. Cookie-to-header is good for websites using a lot of JavaScript, e.g. SPAs, and Double Submit Cookie eliminates th… Continue reading CSRF Prevention Using Signed Cookies And Custom Headers