Blog archives

XSS killed the anti-CSRF star

This entry is a quick look at how one attack vector can at times dismantle the security of a different area of the application that was otherwise deemed secure. Truth is, security threats often work like this,

Posted in web hacking