Cross-Site Request Forgery
Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.| words.filippo.io
Cross-Site Request Forgery countermeasures can be greatly simplified using request metadata provided by modern browsers.| words.filippo.io
Author: Florian Bausch| insinuator.net
When you're analyzing web applications as a pentester or reading pentest reports about web applications, you will often see findings regarding cookies missing certain security flags. The Set-Cookie HTTP header and the JavaScript document.cookie API allow to use, for example, the flags Secure, Path, and Domain. Common audit and pentest tools will tell you when your web application does not or j ...| Insinuator.net
The tail end of 2023 welcomes positive news for web privacy, as Chrome announces it is to join Firefox and Safari in deprecating third-party cookies in 2024. Find out more details about these changes, and what they mean for web developers.| MDN Web Docs
