Information Security, Web, Networks and Systems

Friday, February 21, 2014

Anti-CSRF Tokens to prevent Cross Site Request Forgery (CSRF)

Cross Site Request Forgery (CSRF) is a client-side web application attack in which an attacker tricks a victim into executing a malicious web request on the attacker's behalf. The attacker may send a link to the victim and, with a little social engineering, get the victim to click on it. The victim then unintentionally issues a request to the web server that he did not intend to make. Let's see an example.

Wednesday, February 19, 2014

Secure Web Application Development Tips for Beginners

In this post I would like to share some important facts I recently learned related to Secure Web Application Development. An expert in Secure Web Application development/Web Application Security assessment will find these tips trivial, but I really hope they are important for those who are new to Web Application Development.