Overview
Write Ups Compilations/Resources
Main Resources
Labs
Cross Site Request Forgery
- Cross Site Request Forgery (CSRF)
Missing Access Controls
- Missing Access Controls
LFI / Directory Traversal
- Local File Inclusion
XXE
- XML External Entity (XXE)
Injection
SSRF
- Server-Side Request Forgery (SSRF)
  - SSRF Write-ups
  - Source Code Review
Unvalidated Redirects and Forwards
- Unvalidated Redirects and Forwards
  - Writeups
  - Source Code Examples
Verbose Error Messages and Stack Traces
- Verbose Error Messages and Stack Traces
  - Write-ups

Powered by GitBook

On this page

Was this helpful?

Cross Site Request Forgery

Cross Site Request Forgery (CSRF)

Labs

PreviousSource Code Examples NextMissing Access Controls

Last updated 4 years ago

Was this helpful?

Lab: CSRF vulnerability with no defenses | Web Security AcademyWebSecAcademy

Lab: CSRF where token validation depends on request method | Web Security AcademyWebSecAcademy

Lab: CSRF where token validation depends on token being present | Web Security AcademyWebSecAcademy

Lab: CSRF where token is not tied to user session | Web Security AcademyWebSecAcademy

Lab: CSRF where token is tied to non-session cookie | Web Security AcademyWebSecAcademy

Lab: CSRF where token is duplicated in cookie | Web Security AcademyWebSecAcademy

Lab: CSRF where Referer validation depends on header being present | Web Security AcademyWebSecAcademy

Lab: CSRF with broken Referer validation | Web Security AcademyWebSecAcademy