Course

Skills

Specialized Testing: CSRF

by Christian Wenz

This course will teach you how to test for Cross-site Request Forgery (CSRF), a common attack against web applications.

Preview this course

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Level

Advanced

Updated

Nov 30, 2022

Duration

48m

What you'll learn

Cross-site Request Forgery (CSRF) is a common attack against web applications. In this course, Specialized Testing: CSRF, you’ll learn to audit an application for CSRF. First, you’ll explore the mechanics of CSRF. Next, you’ll discover different ways to find and exploit CSRF. Finally, you’ll learn how to detect and potentially circumvent CSRF countermeasures. When you’re finished with this course, you’ll have the skills and knowledge of testing for CSRF needed to audit an application for this kind of vulnerability..

Course Overview

1min

Course Overview 2m

CSRF Fundamentals

15mins

Introduction 1m
History of CSRF 2m
State Management with Cookies 2m
Anatomy of CSRF 5m
CSRF Countermeasures 5m

Testing for CSRF

31mins

Sample Application Introduction 2m
Types of Cross-site Request Forgery 2m
Demo: CSRF against GET Endpoints 5m
Demo: CSRF against POST Endpoints 5m
Demo: CSRF against Token-protected Endpoints 6m
Demo: CSRF against Referrer Checks 4m
Demo: CSRF against SameSite Cookies 6m
Course Summary 2m

About the author

Christian Wenz

Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... mored web technology mix.

See more courses by Christian Wenz

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$29.00

per month after 10 day trial

Your 10 day Standard free trial includes

Expert-led courses

Keep up with the pace of change with thousands of expert-led, in-depth courses.

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Level

Advanced

Updated

Nov 30, 2022

Duration

48m

Ready to upskill? Get started

Contact Sales

Specialized Testing: CSRF

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

Specialized Testing: CSRF

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?