From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 1 Security Concepts and Network Security
Unlock this course with a free trial
Join today to access over 22,600 courses taught by industry experts.
Cross-site request forgery
From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 1 Security Concepts and Network Security
Cross-site request forgery
- [Instructor] Cross-site request forgery, or CSRF, is a way that attackers can force a trusted user to perform unauthorized and unintended actions. You may also see these attacks referred to as Session Riding, where an innocent user with a trusted and established session is fooled into performing actions that they did not intend. These actions include things like changing their associated email address or password for an account or making a bank transfer. These attacks typically affect applications or websites where HTTP requests are sent to a target. As an example of a CSRF action, let's talk about an unauthorized bank transfer. Here, we see what might be a typical GET request for a bank transfer. The attacker would definitely have interest in this action, which is a privileged action, based on the trusted user session. The attacker would not be able to send this GET request to the bank on their own. They rely on having a trusted user session established in order for this to work…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
On-premises threats8m 42s
-
Cloud-based threats7m 42s
-
Software vulnerabilities4m 48s
-
SQL injection6m 47s
-
Buffer overflow5m 13s
-
Cross-site request forgery5m 7s
-
Hashing5m 44s
-
Encryption5m 19s
-
Public key infrastructure (PKI)5m 53s
-
IPsec9m 57s
-
NAT-T for IPsec4m 23s
-
Pre-shared key authentication7m 18s
-
Site-to-site VPN14m 12s
-
Remote access VPN10m 35s
-
sVTI-based VPN9m 20s
-
DMVPN24m 31s
-
FlexVPN5m 20s
-
Cisco DNA center overview7m 38s
-
Cisco DNA center and vManage APIs6m 21s
-
Python scripts8m 23s
-
-
-