Tag: csrf

Found 337 results for 'csrf'.

1) web-application - CSRF Protection on static pages
2) web-application - Why should double submit CSRF tokens be cryptographically strong random numbers?
3) web-application - Why does an anti-forgery token need so many bits?
4) web-application - Why can't we use a third party website to make a CSRF attack?
5) xss - CSRF tokens for a JWT-auth system using cookies
6) authentication - Double submit cookie: CSRF token doesn't need to be a random value?
7) web-application - What defines a CSRF vulnerability?
8) javascript - CSRF protection with CORS Origin header vs. CSRF token
9) csrf - CSRF Encrypted-Token pattern protection implementation
10) csrf - When should I generate a new CSRF token
11) csrf - Ajax and CSRF protection
12) web-application - Why are CSRF tokens used so often?
13) csrf - Why does Double Submit Cookies require a separate cookie?
14) cookies - Double Submit Cookies vulnerabilities
15) web-application - Should CSRF 'Double Submit Cookie' technique have a different seed value for the cookie versus the HTTP POST?
16) man-in-the-middle - Signing Double Submit Cookies, where the value is a pseudo random string and a signature of it. Is this more secure?
17) csrf - Is this anti-forgery scheme secure?
18) hash - Is it secure to use a hash of a login token as an anti-csrf token?
19) web-application - Should I use CSRF protection on Rest API endpoints?
20) web-application - How does a CSRF token prevent an attack, and how can I safely use/avoid it for my JSON API?
21) javascript - Retrieving CSRF token from third party website form using XHR (JavaScript)
22) web-application - Advantages of multiple valid CSRF tokens
23) web-application - Obtaining CSRF Token
24) authentication - Prevent CSRF attack using regular expression, session storage, and auth token?
25) web-application - Can CSRF protection work even if an XSS vulnerability exists?
26) csrf - CSRF on GWT apps : bypassing the Same-Origin policy
27) csrf - What is the purpose of the default header/cookie in an MVC anti-forgery token?
28) java - Is the Struts2 token interceptor a viable way of protecting against CSRF?
29) csrf - CSRF protection for AJAX when using multiple browser tabs
30) csrf - Alternative to anti-CSRF tokens for AJAX request (Same Origin Policy)
31) xss - Split a JWT between payload and signature
32) xss - JWT cookie with CSRF token as a claim inside the JWT
33) csrf - Same Origin Policy and CSRF-Tokens
34) csrf - Custom Origin header to bypass CORS protection against CSRF
35) csrf - Retrieving CSRF token cross-domain using JSONP, risky?
36) cookies - Cookie-to-Header CSRF protection vs CORS
37) xss - Exploiting CSRF in AJAX request via XSS flaw
38) cookies - Cookie-to-header token CSRF protection
39) csrf - Is checking the Referer and Origin headers enough to prevent CSRF, provided that requests with neither are rejected?
40) cookies - CSRF Protection Is Needed for GET Requests
41) cookies - Do I need CSRF token if I'm using Bearer JWT?
42) web-application - CSRF tokens in cookies?
43) web-application - Can JWT authentication act as an anti-CSRF mechanism?
44) csrf - How do I protect a Laravel backend API from hijacking/CSRF when there is a React frontend?
45) encryption - How about preventing CSRF this way?
46) xss - Is Django's built-in CSRF protection enough?
47) web-application - How to handle CSRF protection in a single page application?
48) csrf - Double Submit Cookie: Can the attacker set the cookie as a separate header?
49) xss - Will same-site cookies be sufficient protection against CSRF and XSS?
50) csrf - CSRF protection with custom headers (and without validating token)