Shanawaj Mansuri on LinkedIn: #csrf #security #springsecurity #springboot #springframework… (2024)

Shanawaj Mansuri

Consultant at Capgemini


CSRF (Cross-Site Request Forgery):

1. What is CSRF?

CSRF is an attack, or the vulnerability behind it, in which an attacker makes a user's browser carry out an action without the user's intent. In other words, you visit one site on the internet, and that site forges a request to some other site in your name, without your knowledge.

Example: a user logs in to an online shopping site. The server of that site creates a cookie, and the browser saves it against that site's domain name. The same user then opens a different site, say "xyz.com", in another tab, and an attacker controls that site to perform a CSRF attack. Once the user opens it, the page can show a malicious link, such as a lucrative offer, that the user is tempted to click. Behind that link, however, the attacker has placed code that sends a request to the shopping site to change the email address on the user's account. Because that request is addressed to the shopping site, the browser also attaches the cookie stored for that site, even though the request originated from "xyz.com". This is how an attacker forges a request with a CSRF attack.

2. Solution to secure your application from a CSRF attack:

To avoid CSRF, an application needs a way to determine whether an HTTP request was generated through the application's own user interface or by an attacker. The best way is a "CSRF token": a secure random token used to prevent CSRF attacks. The token should be unique per user session and should be a large random value so that it is difficult to guess. Along with the cookie, the server sends the CSRF token, which is saved in the user's browser and accompanies every request. Now, even if an attacker performs a CSRF attack and the forged request carries the cookie for the site, the CSRF token will not match for this session, because it is unique per session, and the attack will fail.

#csrf #security #springsecurity #springboot #springframework #authentication
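As an added example (not code from the original post), the per-session token check described above in Python: the email-change handler accepts a request only when it carries both the session cookie and the matching CSRF token, so the forged request from "xyz.com", which has the cookie but not the token, is rejected. The `_csrf` parameter name follows Spring Security's default; the in-memory session store, the user and the requests are constructed for the demonstration.

```python
import hmac
import secrets

# Constructed in-memory session store for the demo: session id -> session data.
# A real application keeps this server-side in its session storage.
SESSIONS = {}


def create_session(email):
    """Log a user in: issue a session id and a per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"email": email, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token that the application's own UI embeds in its forms and requests."""
    return SESSIONS[sid]["csrf_token"]


def handle_change_email(cookies, form):
    """State-changing endpoint. Returns (http_status, message)."""
    session = SESSIONS.get(cookies.get("SESSION"))
    if session is None:
        return 401, "no session"
    # Constant-time comparison so the token is not leaked byte by byte via timing.
    supplied = form.get("_csrf", "")
    if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
        return 403, "missing or invalid CSRF token"
    session["email"] = form["email"]
    return 200, "email changed"


def demo():
    """Legitimate request vs. a forged cross-site request carrying only the cookie."""
    sid = create_session("user@example.com")  # constructed user
    cookies = {"SESSION": sid}  # the browser attaches this to every request to the site
    legit = handle_change_email(
        cookies, {"_csrf": csrf_token_for(sid), "email": "new@example.com"}
    )
    # The page on "xyz.com" can trigger the request and the browser adds the cookie,
    # but the page cannot obtain this session's token, so the request arrives without it.
    forged = handle_change_email(cookies, {"email": "attacker@example.com"})
    return legit, forged, SESSIONS[sid]["email"]


if __name__ == "__main__":
    print(demo())
```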


Shital Kumbhar

Specialist - IT engineer

9mo


Great way to share your knowledge 👏


More Relevant Posts

  • Brian Sánchez Camelo

    Full Stack Developer


    A recent report reveals that over 100,000 websites are being infected with malware through the polyfill.io domain, which was acquired earlier this year by a Chinese organization. Polyfill.io provided polyfills, which are JavaScript code snippets that add functionality to older browsers. Now, the domain is inserting malicious code into the scripts, affecting anyone visiting a website using this service.

    Security firms have alerted organizations to immediately remove any code from polyfill.io. Google has started blocking ads on affected websites to reduce the number of potential victims. Sansec, a security company, reports that the domain was acquired in February by Funnull, a Chinese CDN, and has been using the service in a supply chain attack since then.

    The original creator of the project, Andrew Betts, had already warned in February about the change in ownership and potential insecurity, advising users to remove the code from their websites. Other CDN providers like Fastly and Cloudflare have created mirrors of polyfill.io so that sites can continue using the code without relying on the compromised domain.

    https://lnkd.in/ghknS3mm

    Remove Polyfill.io code from your website immediately theregister.com


    Massive attack underway and you are likely affected. #PolyFill is a popular open-source JavaScript library used by more than 100K websites to support older browsers via integrating the domain polyfill[.]io. But since PolyFill was acquired by a Chinese company in February, the domain has been injecting malware on mobile devices via any site which has polyfill[.]io. It appears the domain was purchased specifically to spread malware through legit sites and advertising—and it's working. PolyFill is spreading redirects like wildfire—#ecommerce operations are being hard hit.

    All websites utilizing the polyfill[.]io domain should remove it immediately. CloudFlare and Fastly have developed patches; Fastly has taken a snapshot of the code before it was sold and is hosting it here (https://polyfill-fastly.io). Use this remote host until you are able to download the polyfill.js file locally, scan it for vulnerabilities and host it on internal systems.

    Below—a PolyFill malicious payload example courtesy of Sansec - experts in eCommerce security.

    Please reach out to The Media Trust if you need assistance — info@themediatrust.com


  • Anjaly Anil

    Cybersecurity Enthusiast || CEHv12 || SOC || VAPT || CSA || Networking || CSE


    Day 75/100 days of challenge!!!! #100daysofchallenge #clickjacking #cyberattack #cybersecurity #learning #careerdevelopment

    🔺 CLICKJACKING

    Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

    Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it. The invisible page could be a malicious page, or a legitimate page the user did not intend to visit – for example, a page on the user’s banking site that authorizes the transfer of money.

    There are several variations of the clickjacking attack, such as:

    - Likejacking – a technique in which the Facebook “Like” button is manipulated, causing users to “like” a page they actually did not intend to like.
    - Cursorjacking – a UI redressing technique that changes the cursor for the position the user perceives to another position. Cursorjacking relies on vulnerabilities in Flash and the Firefox browser, which have now been fixed.

    🔺 DEFENDING AGAINST CLICKJACKING

    There are three main ways to prevent clickjacking:

    - Sending the proper Content Security Policy (CSP) frame-ancestors directive response headers that instruct the browser to not allow framing from other domains. The older X-Frame-Options HTTP header is used for graceful degradation and older browser compatibility.
    - Properly setting authentication cookies with SameSite=Strict (or Lax), unless they explicitly need None (which is rare).
    - Employing defensive code in the UI to ensure that the current frame is the most top level window.


  • BrowserHow

    5 followers


    Do you want to learn? How to Remove Search Marquis from Safari Mac 💡 You can read more 👇 https://lnkd.in/dyEHRkiP

    The Search Marquis is a browser hijacker that automatically changes the default search engine to a malicious site. There are different ways to remove the malware and make Safari normal again. Force quit your browser and end suspicious activity from Activity Monitor. Also, delete the extension and clear browsing data for a complete cleanup.

    #SafariMac #BrowserHow #AppleSafari

    How to Remove 'Search Marquis' from Safari on Mac browserhow.com

  • Matt Peck

    Contract Software Engineer 🧑💻 | Building Scalable Web Solutions 🚀| Typescript - Node.js - AWS - React - Vue


    Another day, another web vulnerability. If you're using polyfill.io CDN to bring modern JS features to legacy browsers, you might want to find an alternative. The CDN is being used to distribute malware.

    https://lnkd.in/eVPvJDve

    Remove Polyfill.io code from your website immediately theregister.com


  • Adam Goss

    Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling


    🚨 New variation of clickjacking emerges called "gesture jacking" 🚨

    While many web developers still struggle to defend against clickjacking, a new attack technique has emerged: gesture jacking (cross-window forgery). This technique is more reliable and less reliant on user settings.

    ℹ️ Clickjacking is an attack in which web page elements are manipulated to deceive users into clicking something other than what they intend. Gesture jacking is similar to clickjacking but involves attackers enticing users to perform certain actions, like holding down a key, which can lead to unauthorized operations on a victim’s website.

    🛡️ To defend against these techniques, web developers should not use predictable ID tags for sensitive buttons, drop URL fragments to prevent scrolling to specific webpage parts, the force-load-at-top document policy, and implement activation cooldown periods.

    👉 Despite browser efforts to mitigate these risks, this is a continuous battle, with not all abusable behaviors considered vulnerabilities by browser vendors. It is a cat-and-mouse game between developers and hackers.

    #cybersecurity #news #webattack #clickjacking #gesturejacking #threatintelligence #cti

    Attacker Techniques: Gesture Jacking http://textslashplain.com


  • CyberDef

    45 followers


    🚨 A recent supply chain attack on Polyfill.io has compromised over 100,000 websites, redirecting users to malicious sites. Key services like JSTOR and Intuit have been affected. Read the full article to learn more about the impact and steps for mitigation.

    Read more: https://lnkd.in/dbFszvBd

    #cybersecurity #websecurity #supplychainattack

    Polyfill supply chain attack impacts over 100k websites https://www.cyberdef.cc

  • Webcoda Digital Agency Sydney

    371 followers


    Protect your website! If you were among the numerous websites impacted by the https://hubs.la/Q02DNkGj0 security incident last week https://hubs.la/Q02DNlgy0, it's crucial to ensure the issue has been addressed.

    Update - It looks like the domain has been shut down anyway so is no longer a threat.

    Many site owners were unaware of the breach until Google suspended their AdWords due to a security flaw on their sites. Some big name sites were affected: "Hulu, Nintendo, JSTOR, tax site Intuit, and some high-profile news sites—to gambling or porn sites via pop-up windows or full redirects."

    To safeguard against future threats, employing a service like Cloudflare https://hubs.la/Q02DNkst0 is advisable, as it can dynamically adjust your website to link to a secure script version. Setting up Cloudflare is beneficial even if you weren't directly affected, as it offers cost-effective security enhancements, including protection from distributed denial-of-service attacks.

    If this is all just going over your head and you just want some help feel free to reach out.


  • ConnectProtect®

    356 followers


    Recent findings reveal that hackers are exploiting a vulnerability in the Facebook module for PrestaShop, known as "pkfacebook," to deploy skimmers that steal credit card information from online shoppers.

    🟧 Key Details:
    ▪️ The vulnerability, identified as CVE-2024-36680, is an SQL injection flaw.
    ▪️ It affects numerous e-commerce sites using the PrestaShop platform.
    ▪️ Despite claims from the module's developer, the flaw is actively being exploited, posing a significant risk to businesses and their customers.

    At ConnectProtect, we emphasize the critical importance of keeping software and modules updated and securing all aspects of your digital infrastructure.

    🟧 Protect Your Business with the following mitigations recommended by the Friends-Of-Presta:
    ▪️ Upgrade to the latest pkfacebook version to disable multiquery executions.
    ▪️ Ensure the use of pSQL to avoid Stored XSS vulnerabilities, leveraging the strip_tags function for added security.
    ▪️ Modify the default "ps_" prefix to a longer, arbitrary one to improve security against basic attacks.
    ▪️ Activate OWASP 942 rules on your Web Application Firewall (WAF).

    Don't wait until your data is compromised. Ensure you have visibility over your environment, secure your organisation and protect your customers today!

    Read more on the recent exploit 🔗 https://lnkd.in/dD85_WSB

    #DataProtection #SQLInjection #EcommerceSecurity


  • OpenBuckets

    6,234 followers


    🚨 Alert: Major Security Flaw in PrestaShop's Facebook Module Exploited by Hackers 🚨

    Hackers are exploiting a severe SQL injection vulnerability in the pkfacebook module for PrestaShop, enabling them to steal credit card details from online shoppers. The flaw, identified as CVE-2024-36680, affects the facebookConnect.php Ajax script, allowing remote attackers to manipulate SQL queries via HTTP requests. Discovered by #TouchWeb, this critical flaw remains contentious as #Promokit claims it was resolved, yet no evidence has been provided.

    Friends-of-Presta recently published a proof-of-concept exploit, highlighting active exploitation in the wild. They recommend several security measures, including upgrading to the latest pkfacebook version, employing pSQL to prevent stored XSS vulnerabilities, changing the default database prefix, and activating OWASP 942 rules on the Web Application Firewall.

    Despite Promokit’s assertion that the flaw has been patched, there is ambiguity since the latest version on their site is listed as 1.0.0. With PrestaShop’s widespread use in over 300,000 online stores globally, this vulnerability poses a significant risk, potentially leading to administrative privilege abuse, data breaches, and email hijacking. Store owners must act swiftly to implement recommended security measures and safeguard their e-commerce platforms.

    #CyberSecurityAlert #EcommerceSecurity #DataProtection #PrestaShop #SQLInjection #CreditCardFraud

    What is a recent security alert that caught your eye? Let us know in the comments 👇

