Uploaded byShreeraj Shah

6,620 views

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

This document discusses cross-site request forgery (CSRF), also known as XSRF. It begins with an introduction to CSRF attacks, how they work by exploiting authenticated sessions across different domains, and why they are possible due to how web browsers handle cross-domain requests. The document then covers defenses against CSRF and provides an agenda for the topics to be discussed, including concepts, examples, and demos of CSRF vulnerabilities.

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

Recommended

PDF

[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...

byShreeraj Shah

PDF

Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)

byShreeraj Shah

PDF

Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise

byShreeraj Shah

PPT

Web Attacks - Top threats - 2010

byShreeraj Shah

PDF

HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits

byShreeraj Shah

PPT

XSS and CSRF with HTML5

byShreeraj Shah

PPT

FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY

byShreeraj Shah

PPT

Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]

byShreeraj Shah

PDF

Top 10 HTML5 Threats - Whitepaper

byShreeraj Shah

PDF

Blackhat11 shreeraj reverse_engineering_browser

byShreeraj Shah

PDF

Shreeraj-Hacking_Web_2

PDF

Find me if you can – smart fuzzing and discovery! shreeraj shah

PDF

O Dell Secure360 Presentation5 12 10b

PPT

Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

byShreeraj Shah

PPTX

HAD05: Collaborating with Extranet Partners on SharePoint 2010

PPT

Blind SQL Injection

byBlueinfy Solutions

PDF

Dave Carroll Application Services Salesforce

PDF

Mobile Application Scan and Testing

byBlueinfy Solutions

PPTX

Building Secure Extranets with Claims-Based Authentication #SPEvo13

PPTX

Using & Abusing APIs: An Examination of the API Attack Surface

byCA API Management

PDF

Silverlight Document Search Engine

byMustata Bogdan

PDF

CSRF, ClickJacking & Open Redirect

byBlueinfy Solutions

PPTX

Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...

PDF

Identity Management Overview: CAS and Shibboleth

PDF

Alfresco: Implementing secure single sign on (SSO) with OpenSAML

PPTX

How to deploy SharePoint 2010 to external users?

PDF

RESTful Day 5

PPTX

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...

PDF

Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

PPTX

Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter

byNilesh Sapariya

More Related Content

PDF

[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...

byShreeraj Shah

PDF

Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)

byShreeraj Shah

PDF

Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise

byShreeraj Shah

PPT

Web Attacks - Top threats - 2010

byShreeraj Shah

PDF

HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits

byShreeraj Shah

PPT

XSS and CSRF with HTML5

byShreeraj Shah

PPT

FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY

byShreeraj Shah

PPT

Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]

byShreeraj Shah

[Infosecworld 08 Orlando] New Defenses for .NET Web Apps: IHttpModule in Prac...

byShreeraj Shah

Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)

byShreeraj Shah

Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise

byShreeraj Shah

Web Attacks - Top threats - 2010

byShreeraj Shah

HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits

byShreeraj Shah

XSS and CSRF with HTML5

byShreeraj Shah

FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY

byShreeraj Shah

Hacking Web 2.0 - Defending Ajax and Web Services [HITB 2007 Dubai]

byShreeraj Shah

What's hot

PDF

Top 10 HTML5 Threats - Whitepaper

byShreeraj Shah

PDF

Blackhat11 shreeraj reverse_engineering_browser

byShreeraj Shah

PDF

Shreeraj-Hacking_Web_2

PDF

Find me if you can – smart fuzzing and discovery! shreeraj shah

PDF

O Dell Secure360 Presentation5 12 10b

PPT

Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

byShreeraj Shah

PPTX

HAD05: Collaborating with Extranet Partners on SharePoint 2010

PPT

Blind SQL Injection

byBlueinfy Solutions

PDF

Dave Carroll Application Services Salesforce

PDF

Mobile Application Scan and Testing

byBlueinfy Solutions

PPTX

Building Secure Extranets with Claims-Based Authentication #SPEvo13

PPTX

Using & Abusing APIs: An Examination of the API Attack Surface

byCA API Management

PDF

Silverlight Document Search Engine

byMustata Bogdan

PDF

CSRF, ClickJacking & Open Redirect

byBlueinfy Solutions

PPTX

Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...

PDF

Identity Management Overview: CAS and Shibboleth

PDF

Alfresco: Implementing secure single sign on (SSO) with OpenSAML

PPTX

How to deploy SharePoint 2010 to external users?

PDF

RESTful Day 5

PPTX

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...

Top 10 HTML5 Threats - Whitepaper

byShreeraj Shah

Blackhat11 shreeraj reverse_engineering_browser

byShreeraj Shah

Shreeraj-Hacking_Web_2

Find me if you can – smart fuzzing and discovery! shreeraj shah

O Dell Secure360 Presentation5 12 10b

Web 2.0 Application Kung-Fu - Securing Ajax & Web Services

byShreeraj Shah

HAD05: Collaborating with Extranet Partners on SharePoint 2010

Blind SQL Injection

byBlueinfy Solutions

Dave Carroll Application Services Salesforce

Mobile Application Scan and Testing

byBlueinfy Solutions

Building Secure Extranets with Claims-Based Authentication #SPEvo13

Using & Abusing APIs: An Examination of the API Attack Surface

byCA API Management

Silverlight Document Search Engine

byMustata Bogdan

CSRF, ClickJacking & Open Redirect

byBlueinfy Solutions

Collaborating with Extranet Partners on SharePoint 2010 - SharePoint Connecti...

Identity Management Overview: CAS and Shibboleth

Alfresco: Implementing secure single sign on (SSO) with OpenSAML

How to deploy SharePoint 2010 to external users?

RESTful Day 5

SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...

Viewers also liked

PDF

Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

PPTX

Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter

byNilesh Sapariya

PPT

DEFCON 17 Presentation: CSRF - Yeah, It Still Works

PPTX

Introduction to CSRF Attacks & Defense

bySurya Subhash

PPTX

Understanding Cross-site Request Forgery

byDaniel Miessler

PPTX

Sql injection

byHemendra Kumar

PPTX

SQL Injection

byMarios Siganos

PPTX

Ppt on sql injection

PDF

SQL injection: Not Only AND 1=1 (updated)

byBernardo Damele A. G.

PDF

Sql Injection Myths and Fallacies

byKarwin Software Solutions LLC

PDF

Understanding CSRF

PPTX

Cross Site Request Forgery (CSRF) Scripting Explained

byValency Networks

PPTX

SQL Injections - A Powerpoint Presentation

Be Afraid. Be Very Afraid. Javascript security, XSS & CSRF

Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter

byNilesh Sapariya

DEFCON 17 Presentation: CSRF - Yeah, It Still Works

Introduction to CSRF Attacks & Defense

bySurya Subhash

Understanding Cross-site Request Forgery

byDaniel Miessler

Sql injection

byHemendra Kumar

SQL Injection

byMarios Siganos

Ppt on sql injection

SQL injection: Not Only AND 1=1 (updated)

byBernardo Damele A. G.

Sql Injection Myths and Fallacies

byKarwin Software Solutions LLC

Understanding CSRF

Cross Site Request Forgery (CSRF) Scripting Explained

byValency Networks

SQL Injections - A Powerpoint Presentation

Similar to [Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web

PDF

Load Balancing und Beschleunigung mit Citrix Net Scaler

byDigicomp Academy AG

PPT

CSRF_RSA_2008_Jeremiah_Grossman

PDF

Shreeraj - Hacking Web 2 0 - ClubHack2007

PDF

Is the Web at Risk?

byCarlos Serrao

PDF

Web Application Security Testing - Aware in BugDay Bangkok 2012

byPrathan Dansakulcharoenkit

PDF

Csrf

PDF

Api xss

byA

PDF

Web Application Scanning 101

PDF

Eva flex java_1_slides

byMichael Chaize

PDF

WhiteHat Security "Website Security Statistics Report" (Q1'09)

byJeremiah Grossman

PDF

Amish Umesh - Future Of Web App Testing - ClubHack2007

PDF

E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

PDF

Evolution Of Web Security

byChris Shiflett

PPTX

Vulnerabilities in modern web applications

PDF

web application security

PPTX

Embedding Jaspersoft into your PHP application

PPTX

Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF

byBoston Institute of Analytics

PDF

Blind XSS & Click Jacking

byn|u - The Open Security Community

PDF

Cross-site request forgery (also known as CSRF) is a web vulnerability that a...

byVarun Mithran

PDF

Lets Make our Web Applications Secure

byAryashree Pritikrishna

Load Balancing und Beschleunigung mit Citrix Net Scaler

byDigicomp Academy AG

CSRF_RSA_2008_Jeremiah_Grossman

Shreeraj - Hacking Web 2 0 - ClubHack2007

Is the Web at Risk?

byCarlos Serrao

Web Application Security Testing - Aware in BugDay Bangkok 2012

byPrathan Dansakulcharoenkit

Csrf

Api xss

byA

Web Application Scanning 101

Eva flex java_1_slides

byMichael Chaize

WhiteHat Security "Website Security Statistics Report" (Q1'09)

byJeremiah Grossman

Amish Umesh - Future Of Web App Testing - ClubHack2007

E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE

Evolution Of Web Security

byChris Shiflett

Vulnerabilities in modern web applications

web application security

Embedding Jaspersoft into your PHP application

Exploring Web Security Threats: A Practical Study on SQL Injection and CSRF

byBoston Institute of Analytics

Blind XSS & Click Jacking

byn|u - The Open Security Community

Cross-site request forgery (also known as CSRF) is a web vulnerability that a...

byVarun Mithran

Lets Make our Web Applications Secure

byAryashree Pritikrishna

More from Shreeraj Shah

PDF

Html5 localstorage attack vectors

byShreeraj Shah

PDF

Dom Hackking & Security - BlackHat Preso

byShreeraj Shah

PPT

Secure SDLC for Software

byShreeraj Shah

PPT

AppSec 2007 - .NET Web Services Hacking

byShreeraj Shah

PDF

Hacking and Securing .NET Apps (Infosecworld)

byShreeraj Shah

PDF

Web Application Kung-Fu, Art of Defense (Bellua/HITB)

byShreeraj Shah

PDF

Web Services Security Chess (RSA)

byShreeraj Shah

PDF

Advanced Web Hacking (EUSecWest 06)

byShreeraj Shah

PDF

Advanced Web Services Hacking (AusCERT 06)

byShreeraj Shah

Html5 localstorage attack vectors

byShreeraj Shah

Dom Hackking & Security - BlackHat Preso

byShreeraj Shah

Secure SDLC for Software

byShreeraj Shah

AppSec 2007 - .NET Web Services Hacking

byShreeraj Shah

Hacking and Securing .NET Apps (Infosecworld)

byShreeraj Shah

Web Application Kung-Fu, Art of Defense (Bellua/HITB)

byShreeraj Shah

Web Services Security Chess (RSA)

byShreeraj Shah

Advanced Web Hacking (EUSecWest 06)

byShreeraj Shah

Advanced Web Services Hacking (AusCERT 06)

byShreeraj Shah

Recently uploaded

PDF

The major tech developments for 2026 by Pluralsight, a research and training ...

byChris Skinner

PDF

The year in review - MarvelClient in 2025

PPTX

Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx

byriteshrkgs2008

PPTX

THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...

byMelissaGblinwon

PDF

Unser Jahresrückblick – MarvelClient in 2025

PDF

Safeguarding AI-Based Financial Infrastructure

byYasir Naveed Riaz

PPTX

The Future of IT Service Management AI Automation & Beyond.pptx

PDF

DIGITAL FORENSICS - Notes for Everything.pdf

bypankajkumavatbeit

PDF

Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...

PPTX

Cybersecurity Best Practices - Step by Step guidelines

byYasir Naveed Riaz

PPTX

Chapter 3 Introduction to number system.pptx

byGetachewAbera9

PDF

TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape

DOCX

Introduction to the World of Computers (Hardware & Software)

byALIABBAS ABASOV

PDF

Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security

byYasir Naveed Riaz

PDF

Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?

byDr. Tathagat Varma

PDF

Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...

byvarsha30tiwari

PPTX

The Landscape of Computer Software Development Companies

PDF

Is It Possible to Have Wi-Fi Without an Internet Provider

bySidra Jefferi

PDF

Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...

byUiPathCommunity

PDF

Digit Expo 2025 - EICC Edinburgh 27th November

The major tech developments for 2026 by Pluralsight, a research and training ...

byChris Skinner

The year in review - MarvelClient in 2025

Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx

byriteshrkgs2008

THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...

byMelissaGblinwon

Unser Jahresrückblick – MarvelClient in 2025

Safeguarding AI-Based Financial Infrastructure

byYasir Naveed Riaz

The Future of IT Service Management AI Automation & Beyond.pptx

DIGITAL FORENSICS - Notes for Everything.pdf

bypankajkumavatbeit

Generative AI in UiPath: Mastering the Generative Extractor for Intelligent D...

Cybersecurity Best Practices - Step by Step guidelines

byYasir Naveed Riaz

Chapter 3 Introduction to number system.pptx

byGetachewAbera9

TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape

Introduction to the World of Computers (Hardware & Software)

byALIABBAS ABASOV

Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security

byYasir Naveed Riaz

Generative AI in 2026: Hype, Bubble, Winter or The Real Deal?

byDr. Tathagat Varma

Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...

byvarsha30tiwari

The Landscape of Computer Software Development Companies

Is It Possible to Have Wi-Fi Without an Internet Provider

bySidra Jefferi

Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...

byUiPathCommunity

Digit Expo 2025 - EICC Edinburgh 27th November