Cross-Site Request Forgery (CSRF) Explained

Seriously cant say it enough. I freaking love your videos

hydrnium_

@4:53
one of the important things to mention here is that the csrf token is good only as long as it is mapped to the user's session ID in the backend. Otherwise, the attacker might simply obtain a valid CSRF token by visiting the main website themself and inject it into the malicious requests.

Tying the token to the user's session and validating that on the backend for each request is very important.

forceboxed

There's tens of thousands of videos on Csrf but you easily beat all of them. Yet the number of views you got aren't nearly as close as theirs. Niche youtubers like you are ahead of the time. I hope people like you are revered in coming 5 years

dragonballZbigBang

i came from LiveOverflow channel, i so glad to be here !
your channel is interesting, love it . keep up the good work

justforyoutube

Man, I tried researching how CSRF attacks worked last year and I never got a solid grasp of it.
This video changed that.
As a cybersecurity enthusiast and web developer, this is super helpful!

jammincoder

I watched around 15 videos regarding csrf and you are the only one who explained it clearly. Also not everyone stressed on "the browser automatically sends the cookies".

a.yashwanth

No words to describe how much informational these videos are.
Thank you.

yasirhussain

Wow, I love the graphical explanatory video, really easy to follow and understand in concordance with explication <3

nullpwn

we need more of these.
literally a free service to everyone genuinely interested

sathvikmalgikar

I genuinely don't understand why you stop creating videos. Your style is so cool.

rasikagayangunarathna

the music and naration in the intro made me feel like I'm discovering a mistery in another new world, lol. great video

sleepydev

Incredibly amazing video as always. Very great explanation, and I love your color choices and how you draw/write everything

mitchelline

Great content. I can't believe this is free!
PS: I love your colour scheme <3 <3

theawless

Third video of yours that came up, and perfectly described the concept. Subscribed

CYBRsynth

I really enjoyed your theme of explanation and the background music. sounded adventurous

danialabsolute

was curious if tokens really work since you could just make a GET and read the token then post. glad you answered that question very quickly. awesome video. i will subscribe

JoshuaKisb

Just came by from watching LiveOverflow's video. I subbed and put on the bell notification on. This channel looks so cool

miguelnunez

You are just awesome man. Why doesn't YouTube show such search results at the top. I couldn't find you when I needed but now I am happy. Thanks bro..

subhashsarangi

As I understand it, fetch and XHR require `useCredentials` to send the cookies along with the request which needs to be explicitly stated on the CORS header Otherwise cookies are not being sent and the CSRF fails.

MinusFourmn

Amazing content as always, big fan of your videos and tutorials, thank you so much ;D

farzadsole