#csrf

AAbolFazlmp7y0.hashnode.dev

From Client Regex to Server Bug: We Hunted CORS and CSRF

Introduction CORS misconfigurations are everywhere. But spotting the real ones takes more than payloads — it takes understanding the trust model hidden beneath the surface. This is a short story of ho

1d ago4 min read

FKFrank Kelechi Ogefrankoge.com

The Two Bugs That Kill Startups: A Deep Dive into XSS and CSRF

You can have the cleanest React code, the fastest API, and the most beautiful UI. But if I can inject a script into your search bar that steals your users' session cookies, your startup is dead. Security is not an "add-on." It is a fundamental requi...

Feb 152 min read

TITech Insights Hubtopperblog.hashnode.dev

CSRF Protection: Token Implementation

Why Traditional CSRF Protection Fails in Modern Architectures Classic CSRF protection relied heavily on server-side session storage, where a synchronizer token was generated per session and validated against session state. This approach worked well f...

Feb 1210 min read

ARAshifur Rahamanaspnetcore.hashnode.dev

ASP.NET Core: Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is an attack where a malicious website tricks an authenticated user into performing an unwanted action on a trusted site where the user is currently logged in. Because browsers automatically send cookies (including s...

Jan 264 min read

ALAnderson Leiteandersonleite.com

Understanding CSRF: Why Cookies Aren't Enough

The Problem Imagine you're logged into bank.com. While browsing the web, you visit evil.com which contains this innocent-looking link: Win a Free iPhone! 🎁 When you click, your browser sends the request to bank.com with your authentication cookies a...

Jan 83 min read

LDLakshay Dhoundiyallakshaydhoundiyal.hashnode.dev

Web Storage: Comparing Sessions, Cookies, Tokens, and Local Storage for Secure Authentication 🌐

Have you ever logged into your favorite website, closed it, and then returned to find yourself still logged in? Or maybe you’ve noticed that some websites remember your preferences (like theme or language) every time you visit? It’s all because of we...

Dec 31, 20259 min read

BBennettblog.bennett1999.com

Lesson 13: 前後端分離的痛-CORS 跨域問題、 CSRF 防護機制與XSS跨腳本攻擊

前後端分離是近幾年非常熱門的架構概念，其實早在十多年前就已被提出。在早期的實務中，前後端分離常搭配 SPA 與 CSR（Client-Side Rendering）實作，但在當時的搜尋引擎環境下，CSR 對 SEO 並不友善。原因在於 CSR 的頁面在初始請求時只回傳空的 HTML 殼，實際內容與 meta 資訊需等 JavaScript 在瀏覽器端執行後才生成；而以前搜尋引擎爬蟲並不會執行 JavaScript（現在google有針對爬蟲做出調整，但執行時機、資源配額與錯誤容忍度仍不保證即...

Dec 15, 20254 min read

MMaMad4Evermikagelabs.hashnode.dev

🍪 HTTP Cookies

HTTP Cookies are small pieces of data created by a web server while a user is browsing a website and stored on the user’s device by their web browser. When a user visits a website, the browser automatically sends any cookies that belong to that site ...

Dec 8, 20252 min read

BABoluwatife Anwobackend-docs.hashnode.dev

Fortifying Backend: A Deep Dive into Hashing, CORS, CSRF, XSS, and DDoS Defense

1. Introduction: The Stakes of Modern Backend Security. The difference between a successful business and a catastrophic failure in today's modern digital landscape often comes down to the integrity of its backend security. A data breach, like the inf...

Dec 4, 20256 min read

AAAli Alishanblog.soloboy.me

Chain of Three Client-Side Vulnerabilities Leads to One-Click Account Takeover

Hello, hackers. Last year, Mehrad and I discovered an account‑takeover vulnerability by chaining three client‑side vulnerabilities. Let’s dive in. Understanding the Target Target was a single web application; the scope was https://redacted.com, so we...

Nov 13, 20253 min read

Tag feed

Tag feed

#csrf

From Client Regex to Server Bug: We Hunted CORS and CSRF

The Two Bugs That Kill Startups: A Deep Dive into XSS and CSRF

CSRF Protection: Token Implementation

ASP.NET Core: Cross-Site Request Forgery (CSRF)

Understanding CSRF: Why Cookies Aren't Enough

Web Storage: Comparing Sessions, Cookies, Tokens, and Local Storage for Secure Authentication 🌐

Lesson 13: 前後端分離的痛-CORS 跨域問題、 CSRF 防護機制與XSS跨腳本攻擊

🍪 HTTP Cookies

Fortifying Backend: A Deep Dive into Hashing, CORS, CSRF, XSS, and DDoS Defense

Chain of Three Client-Side Vulnerabilities Leads to One-Click Account Takeover

#csrf

Search Hashnode

#csrf

From Client Regex to Server Bug: We Hunted CORS and CSRF

The Two Bugs That Kill Startups: A Deep Dive into XSS and CSRF

CSRF Protection: Token Implementation

ASP.NET Core: Cross-Site Request Forgery (CSRF)

Understanding CSRF: Why Cookies Aren't Enough

Web Storage: Comparing Sessions, Cookies, Tokens, and Local Storage for Secure Authentication 🌐

Lesson 13: 前後端分離的痛-CORS 跨域問題、 CSRF 防護機制與XSS跨腳本攻擊

🍪 HTTP Cookies

Fortifying Backend: A Deep Dive into Hashing, CORS, CSRF, XSS, and DDoS Defense

Chain of Three Client-Side Vulnerabilities Leads to One-Click Account Takeover