Shanawaj Mansuri
Consultant at Capgemini
CSRF (Cross-Site Request Forgery):

1. What is CSRF?

CSRF is an attack or vulnerability used by hackers to exploit the user to carry out some action without their will. That means if you visit any site on the internet, that site is actually forging your request to some other site without your knowledge.

Example: Suppose a user visits some site, let's say the user logs in to one of the online shopping sites. The server of that site will create a cookie and save it in the user's browser against that site's domain name.

Now the same user opens a different site, let's say "xyz .com", in another tab of his browser, and a hacker is sitting behind that site to perform a CSRF attack. Once the user opens that site, it can have a web page with a malicious link, like some lucrative offer which the user will be tempted to click on. But in actual fact, in the backend the attacker will have code for changing the email address of the user's online shopping app account, and it will make a request for changing the email address on your online shopping site. Along with that request it will also send the cookie details stored for that site in your browser, because in reality the request from "xyz .com" is going to the site for which the cookie is stored.

So, in this way attackers can forge a request using a CSRF attack.

2. Solution to secure your application from CSRF attack:

To avoid a CSRF attack, applications need a way to determine if an HTTP request is generated via the application's user interface or by the hacker. The best way is to use a "CSRF Token" --> a CSRF Token is a secure random token to prevent CSRF attacks. This token should be unique per user session and should be a large random value to make it difficult to guess.

So for every request the server is going to send the cookie and the CSRF token, which will be saved in the user's browser. And now if the hacker performs any CSRF attack, even if it sends the cookie details for the site, the CSRF token will be different for this session, as it is unique per session, and the attack will fail.

#csrf #security #springsecurity #springboot #springframework #authentication
2 Comments
Shital Kumbhar
Specialist - IT engineer
9mo
Great way to share your knowledge 👏
More Relevant Posts
Brian Sánchez Camelo
Full Stack Developer
A recent report reveals that over 100,000 websites are being infected with malware through the polyfill.io domain, which was acquired earlier this year by a Chinese organization. Polyfill.io provided polyfills, which are JavaScript code snippets that add functionality to older browsers. Now, the domain is inserting malicious code into the scripts, affecting anyone visiting a website using this service.

Security firms have alerted organizations to immediately remove any code from polyfill.io. Google has started blocking ads on affected websites to reduce the number of potential victims. Sansec, a security company, reports that the domain was acquired in February by Funnull, a Chinese CDN, and has been using the service in a supply chain attack since then.

The original creator of the project, Andrew Betts, had already warned in February about the change in ownership and potential insecurity, advising users to remove the code from their websites. Other CDN providers like Fastly and Cloudflare have created mirrors of polyfill.io so that sites can continue using the code without relying on the compromised domain.

https://lnkd.in/ghknS3mm
The Media Trust
7,241 followers
Massive attack underway and you are likely affected. #PolyFill is a popular open-source JavaScript library used by more than 100K websites to support older browsers via integrating the domain polyfill[.]io. But since PolyFill was acquired by a Chinese company in February, the domain has been injecting malware on mobile devices via any site which has polyfill[.]io. It appears the domain was purchased specifically to spread malware through legit sites and advertising, and it's working. PolyFill is spreading redirects like wildfire; #ecommerce operations are being hard hit.

All websites utilizing the polyfill[.]io domain should remove it immediately. CloudFlare and Fastly have developed patches; Fastly has taken a snapshot of the code before it was sold and is hosting it here (https://polyfill-fastly.io). Use this remote host until you are able to download the polyfill.js file locally, scan it for vulnerabilities and host it on internal systems.

Below, a PolyFill malicious payload example courtesy of Sansec, experts in eCommerce security.

Please reach out to The Media Trust if you need assistance: info@themediatrust.com
Anjaly Anil
Cybersecurity Enthusiast || CEHv12 || SOC || VAPT || CSA || Networking || CSE
Day 75/100 days of challenge!!!! #100daysofchallenge #clickjacking #cyberattack #cybersecurity #learning #careerdevelopment

🔺 CLICKJACKING

Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element. This can cause users to unwittingly download malware, visit malicious web pages, provide credentials or sensitive information, transfer money, or purchase products online.

Typically, clickjacking is performed by displaying an invisible page or HTML element, inside an iframe, on top of the page the user sees. The user believes they are clicking the visible page but in fact they are clicking an invisible element in the additional page transposed on top of it. The invisible page could be a malicious page, or a legitimate page the user did not intend to visit – for example, a page on the user's banking site that authorizes the transfer of money.

There are several variations of the clickjacking attack, such as:
- Likejacking – a technique in which the Facebook "Like" button is manipulated, causing users to "like" a page they actually did not intend to like.
- Cursorjacking – a UI redressing technique that changes the cursor from the position the user perceives to another position. Cursorjacking relies on vulnerabilities in Flash and the Firefox browser, which have now been fixed.

🔺 DEFENDING AGAINST CLICKJACKING

There are three main ways to prevent clickjacking:
- Sending the proper Content Security Policy (CSP) frame-ancestors directive response headers that instruct the browser to not allow framing from other domains. The older X-Frame-Options HTTP header is used for graceful degradation and older browser compatibility.
- Properly setting authentication cookies with SameSite=Strict (or Lax), unless they explicitly need None (which is rare).
- Employing defensive code in the UI to ensure that the current frame is the most top-level window.
BrowserHow
5 followers
Do you want to learn? How to Remove Search Marquis from Safari Mac💡 You can read more 👇 https://lnkd.in/dyEHRkiP The Search Marquis is a browser hijacker that automatically changes the default search engine to a malicious site. There are different ways to remove the malware and make Safari normal again. Force quit your browser and end suspicious activity from Activity Monitor. Also, delete the extension and clear browsing data for a complete cleanup. #SafariMac #BrowserHow #AppleSafari
Matt Peck
Contract Software Engineer 🧑💻 | Building Scalable Web Solutions 🚀| Typescript - Node.js - AWS - React - Vue
Another day, another web vulnerability. If you're using polyfill.io CDN to bring modern JS features to legacy browsers, you might want to find an alternative. The CDN is being used to distribute malware.

https://lnkd.in/eVPvJDve
Adam Goss
Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling
🚨 New variation of clickjacking emerges called "gesture jacking" 🚨

While many web developers still struggle to defend against clickjacking, a new attack technique has emerged: gesture jacking (cross-window forgery). This technique is more reliable and less reliant on user settings.

ℹ️ Clickjacking is an attack in which web page elements are manipulated to deceive users into clicking something other than what they intend. Gesture jacking is similar to clickjacking but involves attackers enticing users to perform certain actions, like holding down a key, which can lead to unauthorized operations on a victim's website.

🛡️ To defend against these techniques, web developers should not use predictable ID tags for sensitive buttons, should drop URL fragments to prevent scrolling to specific webpage parts, should use the force-load-at-top document policy, and should implement activation cooldown periods.

👉 Despite browser efforts to mitigate these risks, this is a continuous battle, with not all abusable behaviors considered vulnerabilities by browser vendors. It is a cat-and-mouse game between developers and hackers.

#cybersecurity #news #webattack #clickjacking #gesturejacking #threatintelligence #cti
CyberDef
45 followers
🚨 A recent supply chain attack on Polyfill.io has compromised over 100,000 websites, redirecting users to malicious sites. Key services like JSTOR and Intuit have been affected. Read the full article to learn more about the impact and steps for mitigation.

Read more: https://lnkd.in/dbFszvBd

#cybersecurity #websecurity #supplychainattack
Webcoda Digital Agency Sydney
371 followers
Protect your website! If you were among the numerous websites impacted by the https://hubs.la/Q02DNkGj0 security incident last week https://hubs.la/Q02DNlgy0, it's crucial to ensure the issue has been addressed.

Update - It looks like the domain has been shut down anyway so is no longer a threat.

Many site owners were unaware of the breach until Google suspended their AdWords due to a security flaw on their sites. Some big-name sites were affected: "Hulu, Nintendo, JSTOR, tax site Intuit, and some high-profile news sites—to gambling or porn sites via pop-up windows or full redirects."

To safeguard against future threats, employing a service like Cloudflare https://hubs.la/Q02DNkst0 is advisable, as it can dynamically adjust your website to link to a secure script version. Setting up Cloudflare is beneficial even if you weren't directly affected, as it offers cost-effective security enhancements, including protection from distributed denial-of-service attacks.

If this is all just going over your head and you just want some help, feel free to reach out.
ConnectProtect®
356 followers
Recent findings reveal that hackers are exploiting a vulnerability in the Facebook module for PrestaShop, known as "pkfacebook," to deploy skimmers that steal credit card information from online shoppers.

🟧 Key Details:
▪️ The vulnerability, identified as CVE-2024-36680, is an SQL injection flaw.
▪️ It affects numerous e-commerce sites using the PrestaShop platform.
▪️ Despite claims from the module's developer, the flaw is actively being exploited, posing a significant risk to businesses and their customers.

At ConnectProtect, we emphasize the critical importance of keeping software and modules updated and securing all aspects of your digital infrastructure.

🟧 Protect Your Business with the following mitigations recommended by the Friends-Of-Presta:
▪️ Upgrade to the latest pkfacebook version to disable multiquery executions.
▪️ Ensure the use of pSQL to avoid Stored XSS vulnerabilities, leveraging the strip_tags function for added security.
▪️ Modify the default "ps_" prefix to a longer, arbitrary one to improve security against basic attacks.
▪️ Activate OWASP 942 rules on your Web Application Firewall (WAF).

Don't wait until your data is compromised. Ensure you have visibility over your environment, secure your organisation and protect your customers today!

Read more on the recent exploit 🔗 https://lnkd.in/dD85_WSB

#DataProtection #SQLInjection #EcommerceSecurity
OpenBuckets
6,234 followers
🚨 Alert: Major Security Flaw in PrestaShop's Facebook Module Exploited by Hackers 🚨

Hackers are exploiting a severe SQL injection vulnerability in the pkfacebook module for PrestaShop, enabling them to steal credit card details from online shoppers. The flaw, identified as CVE-2024-36680, affects the facebookConnect.php Ajax script, allowing remote attackers to manipulate SQL queries via HTTP requests. Discovered by #TouchWeb, this critical flaw remains contentious as #Promokit claims it was resolved, yet no evidence has been provided.

Friends-of-Presta recently published a proof-of-concept exploit, highlighting active exploitation in the wild. They recommend several security measures, including upgrading to the latest pkfacebook version, employing pSQL to prevent stored XSS vulnerabilities, changing the default database prefix, and activating OWASP 942 rules on the Web Application Firewall.

Despite Promokit's assertion that the flaw has been patched, there is ambiguity since the latest version on their site is listed as 1.0.0. With PrestaShop's widespread use in over 300,000 online stores globally, this vulnerability poses a significant risk, potentially leading to administrative privilege abuse, data breaches, and email hijacking. Store owners must act swiftly to implement recommended security measures and safeguard their e-commerce platforms.

#CyberSecurityAlert #EcommerceSecurity #DataProtection #PrestaShop #SQLInjection #CreditCardFraud

What is a recent security alert that caught your eye? Let us know in the comments 👇