all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Basic Authentication Versus CSRF

Add to bookmarks
Sept. 21, 2023, 12:33 p.m. | Roza Maille

TrustedSec www.trustedsec.com

I was recently involved in an engagement where access was controlled by Basic Authentication. One (1) of the findings I discovered was a Cross-Site Request Forgery (CSRF) vulnerability. The client was unsure of the best approach to prevent CSRF in the context of using Basic Authentication. In this blog post, I will examine the security...


The post Basic Authentication Versus CSRF appeared first on TrustedSec.

access application security assessment authentication basic blog blog post client context cross-site cross-site request forgery csrf engagement findings forgery request security security testing & analysis vulnerability

Visit resource

More from www.trustedsec.com / TrustedSec

Missing: Data Classification 3 days, 3 hours ago | www.trustedsec.com
classification data data classification growth +7
Assumed Breach: The Evolution of Offensive Security Testing 1 week, 3 days ago | www.trustedsec.com
assumed breach breach client evolution +11
JS-Tap Mark II: Now with C2 Shenanigans 2 weeks, 3 days ago | www.trustedsec.com
applications attack capabilities collection +14
Introducing Meta-Detector 2 weeks, 5 days ago | www.trustedsec.com
blog blog post call collecting +12
Most Reported Web Findings of 2023 3 weeks, 3 days ago | www.trustedsec.com
api application assessments findings +8
XZ Utils Made Me Paranoid 4 weeks, 2 days ago | www.trustedsec.com
backdoor backdoors identify march +3
The Midnight Alert: Navigating the Dark Web Data Dilemma 1 month ago | www.trustedsec.com
alert chief chief information security officer ciso +19
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja 1 month ago | www.trustedsec.com
attackers attacks azure bypass +14
Loading DLLs Reflections 1 month, 1 week ago | www.trustedsec.com
back dll hollowing malware +4

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com