PRACTITIONER

Cross-site request forgery (CSRF)

This learning path covers CSRF (Cross-Site Request Forgery). You'll learn about some common CSRF vulnerabilities, and how to prevent them.

Contents


GET STARTED


What is CSRF?
What is the impact of a CSRF attack?
How does CSRF work?
How to construct a CSRF attack
How to deliver a CSRF exploit
Common defences against CSRF
What is a CSRF token?
Common flaws in CSRF token validation
Bypassing SameSite cookie restrictions
What is a site in the context of SameSite cookies?
How does SameSite work?
Bypassing SameSite Lax restrictions using GET requests
Bypassing SameSite restrictions using on-site gadgets
Bypassing SameSite restrictions via vulnerable sibling domains
Bypassing SameSite Lax restrictions with newly issued cookies
Bypassing Referer-based CSRF defences
Validation of Referer depends on header being present
Validation of Referer can be circumvented