July 2016 - Total web security

What Is Clickjacking?

Posted By: Michel Briginson: July 27, 2016In: ClickjackingNo Comments

Clickjacking is a malicious technique that visually deceives the user into clicking on something different than what is perceived. An attacker uses a transparent, invisible iframe over an au... Read more

CSRF Defense: Anti-CSRF Token

Posted By: Michel Briginson: July 21, 2016In: Cross-Site Request ForgeryNo Comments

Another common defense practice against CSRF is the use of a anti-CSRF token. Before discussing this method, let us look at the nature of CSRF first. Nature of CSRF Why does a CSRF attack su... Read more

CSRF Defense: Referer Check

Posted By: Michel Briginson: July 14, 2016In: Cross-Site Request ForgeryNo Comments

Referer check is one of the most commonly used applications to prevent image hotlinking. Similarly, referer check can also be used to check whether the request is from a legitimate source. F... Read more

CSRF Defense: Verification Code

Posted By: Michel Briginson: July 09, 2016In: Cross-Site Request ForgeryNo Comments

Verification code is considered to be the most simple and effective way to defend against CSRF attacks. CSRF attacks tend to construct network requests of which users are unaware. The verifi... Read more

CSRF Worm

Posted By: Michel Briginson: July 04, 2016In: Cross-Site Request ForgeryNo Comments

In September 2008, 80sec, a domestic security organization in China, released a CSRF worm in Baidu. The vulnerability in Baidu’s user center was present in the function of sending short mess... Read more

Recent Posts

Recent Comments

Archives

Categories

Meta