csrf

It’s Okay, We’re All On the SameSite

With Google’s recent announcement that all cookies without a SameSite flag will be treated as having SameSite=Lax set by default in Chrome version 80, surely Cross-Site Request Forgery will be dead? Well, not quite… In this post I’m going to demonstrate a scenario in which the SameSite default won’t actually stop a CSRF attack from …

It’s Okay, We’re All On the SameSite Read More »

Three C-Words of Web App Security: Part 2 – CSRF

This is the second in a three-part series, Three C-Words of Web Application Security. I wrote a sort of prologue back in April, called A Brief Evolution of Web Apps, just to set the scene for those less versed in web application history. In July, I posted part one, which was Three C-Words of Web App Security: …

Three C-Words of Web App Security: Part 2 – CSRF Read More »

CarolinaCon 11 Slides for Anatomy of Web Client Attack

For those who have asked – my slide deck for Anatomy of Web Client Attacks can be downloaded here. Jason Gillam is a Senior Security Consultant with Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at jgillam@secureideas.com, on Twitter @JGillam, or visit the …

CarolinaCon 11 Slides for Anatomy of Web Client Attack Read More »

Scroll to Top