CSRF When You Least Expect It.
Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies.
The second presentation I gave at Dashlane, in March 2021. A short introduction to Cross-Origin Resource Sharing (CORS), covering Origin, Same-Origin Policy, Cross-Site Request Forgery (CSRF), and a CORS twist with a Chrome Web Extension.
Built with Eleventy and eleventy-base-blog.
Setting up this blog (quickly) with Eleventy.