Week 5 - Authorization Cont. and Cross-Site Request Forgery (CSRF)

Application Security And Hardening

View Lecture Notes

Goals

Compare single-server MVC-style applications and multi-server API-based applications
Explore Cross-Site Request Forgery attacks
Continue investigating Cookies and Tokens for user authorization

Topics

Cross-Site Request Forgery (CSRF)
Authorization
- Tokens
- Cookies

Applications

Week 05 - Insecure Blog App Part 4
- A work-in-progress blogging application with basic user authentication and authorization
- This week we've added authorization via cookies and tokens
CSRF Example
- This example app performs a CSRF attack on our blogging app when using cookies to authorize the user