appsec.fyi

A somewhat curated list of links to various topics in application security.

Cross-Site Request Forgery (CSRF)

Each entry gives the link title with the linked page's word count in brackets, followed by an excerpt.
devanshbatham/Vulnerabilities-Unmasked [3169 words]
    This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! Imagine you have a toy box where you and your friends can put your favorite toys in and take them out whenever you want. Each of you can only take out your own toys.

Avoiding CSRF Attacks with API Design [2697 words]
    Cross-site request forgery (CSRF) attacks are a type of attack where a website you don’t control tries to send commands to your website, using your customer’s cookies.

Samesite by Default and What It Means for Bug Bounty Hunters [784 words]
    You have probably heard of the SameSite attribute addition to HTTP cookies since Chrome 51 (and a specification thereafter). It was advertised as a CSRF killer. This attribute is going to be set by default for all cookies in Chrome 80 (February 4, 2020).

Bypass SameSite Cookies Default to Lax and get CSRF [1000 words]
    SameSite Cookies, the new cookie attribute that everyone is talking about, can be used to prevent SOP bypasses and CSRF attacks. But first let's look at what it actually is.

Facebook GraphQL CSRF [841 words]
    There was a “CSRF” styled query in business.instagram.com that can allow GraphQL calls to be made. The discovery of the bug in View the Assigned Roles and Emails of an Instagram Account started at business.instagram.com/login with an authorization screen.

Account Takeover Using CSRF (JSON-based) [511 words]
    Hello everyone, I’m sil3nt_4unt3r. I am a bug hunter on hackerone and bugcrowd. This is my first blog, so forgive my mistakes. I was hunting on a Bugcrowd private program. The program has 4 different kinds of roles, like Admin, H-User, L-User, and Guest.

Double Submit Cookie Pattern [542 words]
    Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

Preventing Cross-Site Request Forgery (CSRF) Vulnerability in Web Application [1543 words]
    Forgery is an “act of copying or imitating things like a signature on a check, an official document to deceive the authority source for financial gains”.

Attacking Sites Using CSRF [936 words]
    The criticality of a CSRF vulnerability depends heavily on where the vulnerability is located. Sometimes, faulty CSRF protection mechanisms lead to inconsequential issues like unauthorized setting changes or emptying a user’s cart.

Web Security Academy [2012 words]
    In this section, we'll explain what cross-site request forgery is, describe some examples of common CSRF vulnerabilities, and explain how to prevent CSRF attacks.

6 Methods to bypass CSRF protection on a web application [549 words]
    First of all, sincere apologies for the immensely long delays in article writing and responses. As you know, I have been quite occupied, but then again that is no excuse to stay out of touch with my readers.

Should login and logout action have CSRF protection? [1218 words]
    Stack Exchange network consists of 182 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Brute Forcing User IDs via CSRF To Delete All Users with CSRF Attack [299 words]
    While testing an application, there was a module “Delete User” in which an admin can delete any user. If you notice in the request, there is no CSRF token/protection implemented in the delete user request.

WordPress Front End Security: CSRF and Nonces [1192 words]
    In our last article, we covered Cross-Site Scripting (XSS) and the functions WordPress provides to prevent XSS attacks.

In Praise of CSRF Tokens [827 words]
    I have seen CSRF flaws in a wide variety of web applications over the years — most of them aren’t all that relevant and worth discussing (which is why I rarely hear anyone talk about CSRF anymore). The flaws I have seen range from “nuisance” level, e.g.

Bypassing CSRF tokens with Python's CGIHTTPServer [529 words]
    There are ways to configure Burp using macros to bypass CSRF tokens on HTML forms, so we can use Burp Active Scans, Burp Intruder, Burp Repeater, and (cautiously) even Burp Proxy. There's also Grep-Extract and pitchfork attack type specifically for Intruder.

Self-XSS + CSRF to Stored XSS [288 words]
    Hola, this is Renwa from Kurdistan. I’m glad to write my first write-up about infosec and bug bounties.

Leaking Amazon.com CSRF Tokens Using Service Worker API [1443 words]
    Hello all, today I have some free time, so I am going to tell you about my finding at Amazon that could lead to full account takeover. Let’s talk about Amazon as the biggest e-commerce site in the world, and when I say e-commerce, that means a lot of money in one place.

Steal CSRF/Auth/Unique key Header with XSS [334 words]
    In fig. 1 you can see that there is a CSRF-token header present in the website. Now we are going to steal it. Okay, below is the code which steals the token header and sends it to the attacker’s server.

A Deep Dive into CSRF Protection in Rails [1412 words]
    If you’re using Rails today, chances are you’re using CSRF protection. It’s been there almost since the beginning, and it’s one of those features in Rails that makes your life easier without needing to give it a second thought.

0ang3el/EasyCSRF [469 words]
    EasyCSRF helps to find weak CSRF protection in web apps which can be easily bypassed. For example, content-type-based protection for APIs (REST API, GraphQL API, etc.) or CSRF protection based on an obscure data format (binary format, etc.) is known to be weak.

Wiping Out CSRF [5005 words]
    It’s 2017 and there shouldn’t be much more to say about Cross-Site Request Forgery (CSRF) that hasn’t already been said. It’s a vulnerability that has been known for years with well-documented and proven solutions that have been implemented in popular web development frameworks.

Using CORS policies to implement CSRF protection [1655 words]
    Mixmax is a communications platform that brings professional communication & email into the 21st century. This post is a follow-on to our CORS post back in December.

Cross-Site Request Forgery is dead! [1916 words]
    After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies.

Paypal bug bounty: Updating the Paypal.me profile picture without consent (CSRF attack) [374 words]
    As you may know, you can upload a picture to paypal.com. Until recently this picture was pretty useless, but now it is displayed on your Paypal public page. Paypal.me is a public page linked to your Paypal account that offers an easy way to receive/send money. For instance, mine is there.

How does CSRF work without state parameter in OAuth2.0? [715 words]
    I can understand step 1 to step 4. But from step 5 I got some confusion.

Sinatra CSRF Authenticity tokens [478 words]
    I'm building a simple app in ruby using the Sinatra framework. It's mainly "get" based - most requests will be for listing data. However there are a couple of key screens in the app that will collect user input.