Valency Networks, profile picture
Uploaded byValency Networks
PPTX, PDF1,916 views

Cross Site Request Forgery (CSRF) Scripting Explained

Cross-Site Request Forgery (CSRF) is an attack where an attacker forges requests as a trusted user, exploiting a web application's blind trust in browser requests. This can lead to various damages including unauthorized transactions in net-banking and unauthorized modifications of personal health information. Mitigation techniques include using CSRF tokens in forms and implementing CAPTCHA to verify user interactions.

Embed presentation

Downloaded 87 times
Cross Site Request Forgery (CSRF) Author :Sneha Nehatkar March, 2017
www.valencynetworks.com Key Points • What is Cross Site Request Forgery (CSRF)? • How Attack Can Happen? • Damages caused by CSRF? • Mitigations
www.valencynetworks.com What is Cross Site Request Forgery (CSRF)? • CSRF is an attack in which attacker forges the request as a trusted user. The request is essentially made to send unintended data to the site. A vulnerable web application assumes that the data is coming from a trusted user. • The root cause is – request coming from browser is trusted by server blindly, if CSRF protection is not implemented. • This “blind trust” lets attacker create a forged request, and make the victim perform that request.
www.valencynetworks.com How Attack Can Happen? • Attacker knows about target application, on which the attack is to be performed • Attacker forges request and sends it to victim who may be logged into the website by embedding that forged request into a hyperlink • Victim clicks on it, and unknowingly sends malicious request to website • Website accepts it and processes it. Thus the attacker is successful in performing the attack.
www.valencynetworks.com CSRF Work Flow Diagram Attacker Victim Send forged request by phishing or any other technique Victim click on it unknowingly and send it Webserver validate it and attacker get whatever he/she wants 1 2 3
www.valencynetworks.com Damages caused by CSRF? • In Net-banking attacker can forge the request and send it to victim to steal money from Victim’s account • Personal health information can be stolen or modified in a hospital database • Attacker force victim to perform unwanted action which affect their profile
www.valencynetworks.com Mitigation Techniques • Can be mitigate by two ways – CSRF token (a cookie which is introduced in each form and validated by web app) – Captcha (implemented to ensure that the request is being performed by a human interaction) CSRF Token Captcha
www.valencynetworks.com An ISO27001 Certified Company http://www.valencynetworks.com sales@valencynetworks.com Facebook Twitter Linkedin

More Related Content

PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PPTX
Xss attack
byManjushree Mashal
 
PDF
CSRF Basics
byn|u - The Open Security Community
 
PPT
Cross Site Request Forgery
byTony Bibbs
 
PPT
Penetration Testing Basics
byRick Wanner
 
PPT
Cross Site Request Forgery Vulnerabilities
byMarco Morana
 
PPT
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
PPT
Web Application Security
byAbdul Wahid
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
Xss attack
byManjushree Mashal
 
CSRF Basics
byn|u - The Open Security Community
 
Cross Site Request Forgery
byTony Bibbs
 
Penetration Testing Basics
byRick Wanner
 
Cross Site Request Forgery Vulnerabilities
byMarco Morana
 
Introduction to Web Application Penetration Testing
byAnurag Srivastava
 
Web Application Security
byAbdul Wahid
 

What's hot

PPTX
Introduction to CSRF Attacks & Defense
bySurya Subhash
 
PPTX
A8 cross site request forgery (csrf) it 6873 presentation
byAlbena Asenova-Belal
 
PDF
Penetration testing web application web application (in) security
byNahidul Kibria
 
PPTX
Secure coding practices
byScott Hurrey
 
PDF
Insecure direct object reference (null delhi meet)
byAbhinav Mishra
 
PPTX
Cross Site Scripting Defense Presentation
byIkhade Maro Igbape
 
PPT
Intro to Web Application Security
byRob Ragan
 
PDF
Web Application Security 101
byCybersecurity Education and Research Centre
 
PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
PPT
Pentesting Using Burp Suite
byjasonhaddix
 
PPT
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
PPT
Sql injection
byNikunj Dhameliya
 
PPTX
Web application attacks
byhruth
 
PPTX
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 
PPTX
SQL Injection attack
byRayudu Babu
 
PPT
Sql injection attack
byRajKumar Rampelli
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Web application security
byKapil Sharma
 
PDF
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
bySandeep Kumbhar
 
PDF
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 
Introduction to CSRF Attacks & Defense
bySurya Subhash
 
A8 cross site request forgery (csrf) it 6873 presentation
byAlbena Asenova-Belal
 
Penetration testing web application web application (in) security
byNahidul Kibria
 
Secure coding practices
byScott Hurrey
 
Insecure direct object reference (null delhi meet)
byAbhinav Mishra
 
Cross Site Scripting Defense Presentation
byIkhade Maro Igbape
 
Intro to Web Application Security
byRob Ragan
 
Web Application Security 101
byCybersecurity Education and Research Centre
 
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
Pentesting Using Burp Suite
byjasonhaddix
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
byBrian Huff
 
Sql injection
byNikunj Dhameliya
 
Web application attacks
byhruth
 
Directory Traversal & File Inclusion Attacks
byRaghav Bisht
 
SQL Injection attack
byRayudu Babu
 
Sql injection attack
byRajKumar Rampelli
 
Network attacks
byManjushree Mashal
 
Web application security
byKapil Sharma
 
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
bySandeep Kumbhar
 
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 

Viewers also liked

PDF
碳中和是什麼 What is Carbon Neutral
byRen Chih-Jen Cheng
 
PPTX
Nd-YAG Laser | working and construction
byJaydip Kanpariya
 
PDF
Ejercicios tema universo
byJosé Antonio Lupión Lorenzo
 
DOC
Основи, їх склад і назви
bysveta7940
 
PPT
Презентація:Повторення теми "Додавання і віднімання раціональних чисел"
bysveta7940
 
PPTX
3Com 180-3872A
bysavomir
 
PPT
Правила дорожного движения
byAnastasia Simonova
 
PPT
Do we need to grow more
byDeepesh Shah
 
PDF
Epilog PreOp guideline
byEpilog
 
PPTX
Sterlization and disinfection in dentistry
byMahdi Al-Zuhaiawi
 
PPT
Презентація: Основи.їх склад, назви, класифікація
bysveta7940
 
PDF
Глобальні навчальні дні друпал
byAndrii Podanenko
 
PPSX
Interlining
byPrabuddha Alexander
 
PPTX
Final ub role of energy efficiency in smart and sustainable
byUsha Batra
 
PDF
GEONESIS MARCH 2017
byLijin Sunil
 
PPTX
Filosofia 11 - Descrição e Interpretação da Atividade Cognoscitiva
byRafael Cristino
 
PPT
Презентація:Функція. Лінійна функція.
bysveta7940
 
PPTX
Mission in a Virtual World, for The Salvation Army
byBex Lewis
 
PPTX
3Com 3C8227
bysavomir
 
PDF
Pozos petroleros
byPedro Ramirez
 
碳中和是什麼 What is Carbon Neutral
byRen Chih-Jen Cheng
 
Nd-YAG Laser | working and construction
byJaydip Kanpariya
 
Ejercicios tema universo
byJosé Antonio Lupión Lorenzo
 
Основи, їх склад і назви
bysveta7940
 
Презентація:Повторення теми "Додавання і віднімання раціональних чисел"
bysveta7940
 
3Com 180-3872A
bysavomir
 
Правила дорожного движения
byAnastasia Simonova
 
Do we need to grow more
byDeepesh Shah
 
Epilog PreOp guideline
byEpilog
 
Sterlization and disinfection in dentistry
byMahdi Al-Zuhaiawi
 
Презентація: Основи.їх склад, назви, класифікація
bysveta7940
 
Глобальні навчальні дні друпал
byAndrii Podanenko
 
Interlining
byPrabuddha Alexander
 
Final ub role of energy efficiency in smart and sustainable
byUsha Batra
 
GEONESIS MARCH 2017
byLijin Sunil
 
Filosofia 11 - Descrição e Interpretação da Atividade Cognoscitiva
byRafael Cristino
 
Презентація:Функція. Лінійна функція.
bysveta7940
 
Mission in a Virtual World, for The Salvation Army
byBex Lewis
 
3Com 3C8227
bysavomir
 
Pozos petroleros
byPedro Ramirez
 

Similar to Cross Site Request Forgery (CSRF) Scripting Explained

PPTX
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
PPTX
Cyber security 2.pptx
byNotSure11
 
PPTX
Cross Site Request Forgery- CSRF
byMitul Babariya
 
PDF
A4 A K S H A Y B H A R D W A J
bybhardwajakshay
 
PPTX
CSRF
byAkanksha Raikwar
 
PDF
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...
byIRJET Journal
 
PPTX
CSRF Attack and Its Prevention technique in ASP.NET MVC
bySuvash Shah
 
PDF
Csrf
bysamtpru
 
PDF
Lecture #24 : Cross Site Request Forgery (CSRF)
byDr. Ramchandra Mangrulkar
 
PDF
Grey H@t - Cross-site Request Forgery
byChristopher Grayson
 
PPTX
CSRF_main_vid.pptx
byNishantAnand43
 
PDF
Cross-site request forgery (also known as CSRF) is a web vulnerability that a...
byVarun Mithran
 
PDF
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
byCapgemini
 
PDF
Protecting Your Web Applications: How to Prevent Cross-Site Request Forgery (...
bySecuodsoft
 
PPT
CSRF_RSA_2008_Jeremiah_Grossman
byguestdb261a
 
PPTX
Cross site request forgery(csrf)
byAi Sha
 
PDF
CSRF Attacks and its Defence using Middleware
byijtsrd
 
PPT
Web Security Overview and Demo
byTony Bibbs
 
PPT
DEFCON 17 Presentation: CSRF - Yeah, It Still Works
byRuss McRee
 
PPT
OWASP Serbia - A5 cross-site request forgery
byNikola Milosevic
 
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP Chapter
byNilesh Sapariya
 
Cyber security 2.pptx
byNotSure11
 
Cross Site Request Forgery- CSRF
byMitul Babariya
 
A4 A K S H A Y B H A R D W A J
bybhardwajakshay
 
CSRF
byAkanksha Raikwar
 
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...
byIRJET Journal
 
CSRF Attack and Its Prevention technique in ASP.NET MVC
bySuvash Shah
 
Csrf
bysamtpru
 
Lecture #24 : Cross Site Request Forgery (CSRF)
byDr. Ramchandra Mangrulkar
 
Grey H@t - Cross-site Request Forgery
byChristopher Grayson
 
CSRF_main_vid.pptx
byNishantAnand43
 
Cross-site request forgery (also known as CSRF) is a web vulnerability that a...
byVarun Mithran
 
Cross-Site Request Forgery Vulnerability: “A Sleeping Giant”
byCapgemini
 
Protecting Your Web Applications: How to Prevent Cross-Site Request Forgery (...
bySecuodsoft
 
CSRF_RSA_2008_Jeremiah_Grossman
byguestdb261a
 
Cross site request forgery(csrf)
byAi Sha
 
CSRF Attacks and its Defence using Middleware
byijtsrd
 
Web Security Overview and Demo
byTony Bibbs
 
DEFCON 17 Presentation: CSRF - Yeah, It Still Works
byRuss McRee
 
OWASP Serbia - A5 cross-site request forgery
byNikola Milosevic
 

Recently uploaded

PDF
AI Girlfriend Platforms Compared 2026 AI Angels Janitor AI Character AI Candy AI
byAi Angels
 
PPTX
TOPFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.ppX
bycontactvidyawan
 
PDF
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
PPTX
Mind Sound Resonance Technique (MSRT) Teacher Training Course.pptx
byKaruna Yoga Vidya Peetham
 
PDF
Think before you Click (Ligap Project) - SI Ebhonu at FGGC.pdf
bySylvester Ebhonu
 
PDF
Darknet Master Tor and Deep Web Secrets (Procolo Scotto).pdf
bykuldeepbauddh1
 
PPTX
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 
AI Girlfriend Platforms Compared 2026 AI Angels Janitor AI Character AI Candy AI
byAi Angels
 
TOPFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF.ppX
bycontactvidyawan
 
HYBRID APP DEVELOPMENT AND TECHNOLOGY 01
bydavidjohansen1597
 
Mind Sound Resonance Technique (MSRT) Teacher Training Course.pptx
byKaruna Yoga Vidya Peetham
 
Think before you Click (Ligap Project) - SI Ebhonu at FGGC.pdf
bySylvester Ebhonu
 
Darknet Master Tor and Deep Web Secrets (Procolo Scotto).pdf
bykuldeepbauddh1
 
Cybersecurity cyber incident Weeks_7_to_9.pptx
byriaz59
 

Cross Site Request Forgery (CSRF) Scripting Explained

  • 1.
    Cross Site RequestForgery (CSRF) Author :Sneha Nehatkar March, 2017
  • 2.
    www.valencynetworks.com Key Points • Whatis Cross Site Request Forgery (CSRF)? • How Attack Can Happen? • Damages caused by CSRF? • Mitigations
  • 3.
    www.valencynetworks.com What is CrossSite Request Forgery (CSRF)? • CSRF is an attack in which attacker forges the request as a trusted user. The request is essentially made to send unintended data to the site. A vulnerable web application assumes that the data is coming from a trusted user. • The root cause is – request coming from browser is trusted by server blindly, if CSRF protection is not implemented. • This “blind trust” lets attacker create a forged request, and make the victim perform that request.
  • 4.
    www.valencynetworks.com How Attack CanHappen? • Attacker knows about target application, on which the attack is to be performed • Attacker forges request and sends it to victim who may be logged into the website by embedding that forged request into a hyperlink • Victim clicks on it, and unknowingly sends malicious request to website • Website accepts it and processes it. Thus the attacker is successful in performing the attack.
  • 5.
    www.valencynetworks.com CSRF Work FlowDiagram Attacker Victim Send forged request by phishing or any other technique Victim click on it unknowingly and send it Webserver validate it and attacker get whatever he/she wants 1 2 3
  • 6.
    www.valencynetworks.com Damages caused byCSRF? • In Net-banking attacker can forge the request and send it to victim to steal money from Victim’s account • Personal health information can be stolen or modified in a hospital database • Attacker force victim to perform unwanted action which affect their profile
  • 7.
    www.valencynetworks.com Mitigation Techniques • Canbe mitigate by two ways – CSRF token (a cookie which is introduced in each form and validated by web app) – Captcha (implemented to ensure that the request is being performed by a human interaction) CSRF Token Captcha
  • 8.
    www.valencynetworks.com An ISO27001 CertifiedCompany http://www.valencynetworks.com sales@valencynetworks.com Facebook Twitter Linkedin