Double submit cookie pattern to defend against Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and the client. It can result in damaged customer relationships, unauthorized fund transfers, changed passwords and data theft, including stolen session cookies. The double submit cookie pattern is one method used to prevent this attack. The image below explains how the double submit cookie pattern works.

In this blog post I demonstrate a sample project showing how to implement the double submit cookie pattern.

1. You need a web server to run this project. (Download WampServer from http://www.wampserver.com/en/, install it and run it.)
2. First, create a login page to authenticate the user. I created a login.html page which authenticates users using JavaScript. Since this is a demonstration, I used...
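The server-side half of the double submit cookie pattern, as an added example that is not the code of the sample project described in this post: the server issues a random token in a cookie, the page copies it into a hidden form field, and a state-changing request is accepted only when both copies match. The cookie name `csrf_token`, the function names and the sample requests are assumptions made for illustration.

```javascript
// Added example (Node.js). Names and sample requests are constructed.
const crypto = require('node:crypto');

const CSRF_COOKIE = 'csrf_token'; // hypothetical cookie / form field name

// Issued at login: 32 random bytes, hex-encoded (64 characters).
function issueCsrfToken() {
  return crypto.randomBytes(32).toString('hex');
}

// Not HttpOnly on purpose: page script must read the cookie to copy the
// value into the hidden form field. The session cookie stays HttpOnly.
function csrfSetCookie(token) {
  return `${CSRF_COOKIE}=${token}; Path=/; Secure; SameSite=Strict`;
}

// Minimal Cookie request-header parser.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Accept a state-changing request only if the cookie copy and the
// submitted copy of the token are both present, non-empty and equal.
function isRequestAllowed(req) {
  const cookieToken = parseCookies(req.headers.cookie)[CSRF_COOKIE];
  const formToken = req.body && req.body[CSRF_COOKIE];
  if (typeof cookieToken !== 'string' || typeof formToken !== 'string') return false;
  if (cookieToken.length === 0) return false; // two empty values must not "match"
  const a = Buffer.from(cookieToken);
  const b = Buffer.from(formToken);
  // timingSafeEqual throws on unequal lengths, so check length first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample requests: the browser attaches cookies to both, but a
// cross-site page cannot read the cookie, so it cannot fill in the field.
const sampleToken = issueCsrfToken();
const cookieHeader = `session=abc123; ${CSRF_COOKIE}=${sampleToken}`;
const legitimate = { headers: { cookie: cookieHeader }, body: { [CSRF_COOKIE]: sampleToken, amount: '10' } };
const forged = { headers: { cookie: cookieHeader }, body: { amount: '10' } };
console.log('legitimate:', isRequestAllowed(legitimate), 'forged:', isRequestAllowed(forged));
```

The check relies on the token cookie being unreadable and unsettable from other origins, so it should be combined with HTTPS and a `SameSite` attribute as in `csrfSetCookie`.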