CSRF When You Least Expect It.
Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies. Read more.
The second presentation I gave at Dashlane, in March 2021. A short introduction to Cross-Origin Resource Sharing (CORS), covering Origin, Same-Origin Policy, Cross-Site Request Forgery (CSRF), and a CORS twist with a Chrome Web Extension. Read more.
This blog was made with Eleventy and is an absolute rip-off of eleventy-base-blog.
View the code on GitHub or read more about how it was set up.