Iwiseman: /* 1. CSRF (Cross-Site Request Forgery) */

2025-09-18T04:44:34Z

1. CSRF (Cross-Site Request Forgery)

← Older revision		Revision as of 04:44, 18 September 2025
Line 22:		Line 22:
	* [https://www.youtube.com/watch?v=Ub5TLow9GL4 How CSRF Tokens Work]		* [https://www.youtube.com/watch?v=Ub5TLow9GL4 How CSRF Tokens Work]

	'''Iain Explanation'''		'''Iain's Explanation'''
	This is relatively easy. This is where an attacker gets a user to send a link to an already authenticated site with there operation. E.g. in this case, send an email, with a link to change your bank email. Because the browser is already logged on, when the user clicks the link, the existing session cookie gets sent.<br>		This is relatively easy. This is where an attacker gets a user to send a link to an already authenticated site with there operation. E.g. in this case, send an email, with a link to change your bank email. Because the browser is already logged on, when the user clicks the link, the existing session cookie gets sent.<br>
	[[File:Csrf explained.png\|600px ]]<br>		[[File:Csrf explained.png\|600px ]]<br>

Iwiseman: /* 1. CSRF (Cross-Site Request Forgery) */

2025-09-18T04:42:15Z

1. CSRF (Cross-Site Request Forgery)

← Older revision		Revision as of 04:42, 18 September 2025
Line 21:		Line 21:
	* [https://www.youtube.com/watch?v=eHqbh0kyRYk CSRF Explained]		* [https://www.youtube.com/watch?v=eHqbh0kyRYk CSRF Explained]
	* [https://www.youtube.com/watch?v=Ub5TLow9GL4 How CSRF Tokens Work]		* [https://www.youtube.com/watch?v=Ub5TLow9GL4 How CSRF Tokens Work]

			'''Iain Explanation'''
			This is relatively easy. This is where an attacker gets a user to send a link to an already authenticated site with there operation. E.g. in this case, send an email, with a link to change your bank email. Because the browser is already logged on, when the user clicks the link, the existing session cookie gets sent.<br>
			[[File:Csrf explained.png\|600px ]]<br>

	== 2. XSRF ==		== 2. XSRF ==

Iwiseman: Created page with "=Introduction= This page is to list all things around Web Security == 1. CSRF (Cross-Site Request Forgery) == '''Definition''': A malicious site tricks a user's browser into sending authenticated requests to your server. '''Threat Model''': * Exploits cookie-based sessions * Common in form submissions and state-changing requests '''Defense Strategies''': * Synchronizer token pattern * Double-submit cookie validation * SameSite cookie attributes '''Tapir Notes''': * U..."

2025-09-18T04:25:00Z

Created page with "=Introduction= This page is to list all things around Web Security == 1. CSRF (Cross-Site Request Forgery) == '''Definition''': A malicious site tricks a user's browser into sending authenticated requests to your server. '''Threat Model''': * Exploits cookie-based sessions * Common in form submissions and state-changing requests '''Defense Strategies''': * Synchronizer token pattern * Double-submit cookie validation * SameSite cookie attributes '''Tapir Notes''': * U..."

New page

=Introduction=
This page is to list all things around Web Security

== 1. CSRF (Cross-Site Request Forgery) ==
'''Definition''': A malicious site tricks a user's browser into sending authenticated requests to your server.

'''Threat Model''':
* Exploits cookie-based sessions
* Common in form submissions and state-changing requests

'''Defense Strategies''':
* Synchronizer token pattern
* Double-submit cookie validation
* SameSite cookie attributes

'''Tapir Notes''':
* Use `extractFromRequest` to access headers and cookies
* Validate CSRF token manually in `serverLogic`

'''Videos''':
* [https://www.youtube.com/watch?v=eHqbh0kyRYk CSRF Explained]
* [https://www.youtube.com/watch?v=Ub5TLow9GL4 How CSRF Tokens Work]

== 2. XSRF ==
'''Note''': Often used interchangeably with CSRF. Some frameworks (e.g., Angular) use "XSRF" to refer to their CSRF protection mechanism.

'''Angular Pattern''':
* Sends token in `X-XSRF-TOKEN` header
* Validates against cookie value

== 3. CSP (Content Security Policy) ==
'''Definition''': A browser-enforced policy that restricts what content can be loaded or executed.

'''Threat Model''':
* Prevents XSS and clickjacking
* Blocks inline scripts and unauthorized resources

'''Defense Strategies''':
* Use nonce-based or hash-based CSP headers
* Avoid `unsafe-inline` and `unsafe-eval`

'''Example Header''':
<syntaxhighlight lang="http">
Content-Security-Policy: default-src 'self'; script-src 'nonce-abc123'
</syntaxhighlight>

== 4. Host Header Validation ==
'''Definition''': Ensures requests come from expected domains by validating the `Host` header.

'''Threat Model''':
* DNS rebinding attacks
* Host header spoofing

'''Defense Strategies''':
* Use Play’s `AllowedHostsFilter` or validate manually
* In Tapir, use `ServerRequest.header("Host")` and compare against a whitelist

== 5. XSS (Cross-Site Scripting) ==
'''Definition''': Injects malicious scripts into trusted web pages.

'''Threat Model''':
* Steals cookies or session tokens
* Defaces content or redirects users

'''Defense Strategies''':
* Escape output
* Sanitize inputs
* Use CSP headers

== 6. CORS (Cross-Origin Resource Sharing) ==
'''Definition''': Controls which domains can access your API from the browser.

'''Threat Model''':
* Unauthorized cross-origin requests
* Data leakage via exposed endpoints

'''Defense Strategies''':
* Set strict `Access-Control-Allow-Origin` headers
* Avoid wildcard origins (`*`) in production

== 7. Authentication & Authorization ==
'''Definition''': Verifies identity (authN) and controls access (authZ).

'''Threat Model''':
* Unauthorized access to protected resources
* Privilege escalation

'''Defense Strategies''':
* Use JWTs, OAuth2, or session tokens
* Implement RBAC or ABAC
* Validate tokens in Tapir via `.securityIn(...)`

== 8. Input Validation & Injection Prevention ==
'''Definition''': Ensures user input doesn’t compromise system integrity.

'''Threat Model''':
* SQL injection
* Command injection
* Header manipulation

'''Defense Strategies''':
* Use parameterized queries
* Validate types, formats, and ranges
* Reject unexpected input early

Web Security - Revision history

Iwiseman: /* 1. CSRF (Cross-Site Request Forgery) */

Iwiseman: /* 1. CSRF (Cross-Site Request Forgery) */