What is Cross-Site Request Forgery


Arrive at 5:45pm for a 6pm start. Note: RedShield has locked elevators, so someone will let you up from the building foyer.

This month, Vales Bakaitis will be explaining what Cross-Site Request Forgery is, and how it can be an issue in your web application.

Many introductions to the OWASP Top 10 skim over CSRF, as it is hard to explain in a hand-waving presentation. However, if your website is vulnerable to CSRF, attackers can perform privileged actions on your site, essentially by tricking your regular users into doing them on the attackers' behalf.

Vales will cover CSRF, how it fits into most web applications, some examples of where it has been seen in the real world, and what you can do to secure your application from this issue.

If you're unable to make it, this talk will be live-streamed on YouTube at https://www.youtube.com/watch?v=G1aLGaMqnm0 . Feel free to ask questions while watching the livestream.