This is the clearest explanation of CSRF I have ever seen.
@AlysN1dr
8 years ago
Thanks Troy, I didn't understand a single thing you said though I got the gist. I'm glad for the Troys of this world who willingly help others to protect their privacy. Hope you and your family are well. Sincerely, Alyssa
@stevie44
8 years ago
Very helpful. Played this video at work for my team and we all learned something new. Thanks!
@agatangelosantos
2 months ago
Thanks Troy. This is a helpful video with the clearest explanation!
@nsitkarana
6 years ago
Nicely explained with a working demo, which makes the concept more clear.
@pigrebanto
8 years ago
Best practical explanation of CSRF!
@MdSajjadHosen
2 years ago
A helpful video for web developers to fix the bug of the next project...
@Androcentus
6 years ago
How does the same auth cookie get sent "auto magically"? If the original first tab gets closed then no auto magic, I guess?
@sie85
5 years ago
Did you forget to mention that these 2 tabs need to be open in the same browser on the client side for this to work? Else you would need the auth cookie as well. Nevertheless, good explanation.
@HakunaMatata225
3 years ago
Nice video but serious question! ....Doesn't the same-origin policy protect against CSRF? Why do we need the anti-forgery tokens? Or is it that these tokens are necessary only if the SOP was bypassed?
@andjelaarsic9217
6 years ago
Great explanation!
@janicknorman9396
7 years ago
This is crystal clear now, THANKS.
@conintava514
3 years ago
Wow, excellent explanation.
@MyMGZSEVExperience
4 years ago
Amazing, clear explanation.
@the_gacker_hub
7 years ago
But sir, now websites use the old password parameter too, so it is now impossible for the attacker to carry out CSRF attacks.
@j_ackmakin
8 years ago
Great Video Troy!
@bharathsco9955
6 years ago
Someone please answer. At 5:24, why can't the attacker copy-paste the form's hidden field HTML into his CSRF HTML and POST request?? NOT POSSIBLE??? PLZ ANSWER
@AlekVila
2 years ago
Does checking $_SERVER['HTTP_ORIGIN'] combat this attack? I noticed it was "null" in your hacked request.
@sorrefly
3 years ago
You sound like the narrator from The Stanley Parable game.
@Glory-Of-Nature
6 years ago
Hi, it's a great explanation. I have questions regarding the GET request being made from the app. Example: "click now" above. The URL is used as a hyperlink in the application, and it performs some operation. This is not a POST request to the server. Do we need to validate this request? Do we need to send the token along with the URL?
@zalepentester
8 years ago
Great! I love it!
@5ql156
3 years ago
bruh !! thank you thank you thank you thank you
@BlokeBritish
3 years ago
too good
@abdullahabdullahshaikh8846
7 years ago
Great!*****
@big.curiosity
3 years ago
10:25 WTF!
@kuldeepchopra6594
5 years ago
what about Cross-Origin Request Blocked:
@fosres
3 years ago
Wow, it's Troy Hunt. He invented the famous HaveIBeenPwned website: haveibeenpwned.com/
@forgewire
2 years ago
@23:08 if a secret token is stored in a cookie, can't a malicious user steal this cookie with cookie theft techniques and read the token?
@muraliprasanth
6 years ago
I learned a lot about CSRF now. Thanks for sharing your knowledge.
@JohnSmith-he5xg
8 years ago
Awesome video. Thanks for going in depth.
@theilluminatedone525
1 year ago
Auto-Magically?
@KirillKovalevskiy
6 years ago
Thank you for putting this together. I did the demo shown in this video. Works great!
@yangchen542
3 years ago
Hey bro, I have a question about this video. Why does your CSRF demo page send AuthCookie to the server? Thanks a lot.
@abhilashpatel4341
3 years ago
Suppose a website is designed in such a way that reload or back is prohibited or doesn't work; then how would it work? I mean, will it raise an exception?
@321zipzapzoom
4 years ago
Very helpful. I understood it practically and was able to explain it as an answer in my job interview recently.
@24manojp
3 years ago
Hi Sir, after adding the web application, how did you add that token-related code to the application?
@richardlanglois5183
8 years ago
Great talk Troy, thanks.
@jasminweiner4418
3 years ago
Shouldn't CORS policy help in this regard?
@vishalsrivastava9263
5 years ago
Your concept is crystal clear....thanks a lot. Apart from the last .NET part, I understood the video very clearly...
@11donto
8 years ago
that site is pretty.. yeah hacked... that does include dic picks D:
@kuldeepchopra6594
5 years ago
What happens if I send a jQuery AJAX request?
@donamato
4 years ago
Can I download the website for my lab?
@lassepoulsen7591
5 years ago
When I try to send the request I don't get any auth cookie.
@saurabh75prakash
6 years ago
Very nice explanation of CSRF, thanks.
@fairchild9able
3 years ago
Awesome work! Thanks Troy
@danishmehmood6110
5 years ago
Best tutorial on CSRF, bar none.
@joshuaspy7139
6 years ago
Very detailed explanation. Thank you.
@techzone2O1
6 years ago
Great presentation. Simple, precise and straightforward.
Comments: 54