Tim's Tech Blog

“security” Blog Posts

CSRF When You Least Expect It.

Fun with Cross-Site Request Forgery (CSRF) in a creative Web Timing Attack scenario, highlighting the risks inherent to SameSite=None session cookies.

21 Dec 2022 security cookies CORS CSRF
Cross-Origin Resource Sharing For The Web (Extension).

The second presentation I gave at Dashlane, in March 2021. A short introduction to Cross-Origin Resource Sharing (CORS), covering Origin, Same-Origin Policy, Cross-Site Request Forgery (CSRF), and a CORS twist with a Chrome Web Extension.

16 Mar 2021 dashlane presentation security extension CORS CSRF