How can I protect against XSS? How should I store passwords? The attacker crafts a URL which calls the action of the given form; to follow our example, to update the email address of the user.
The attacker requests a password reminder and takes over the account. A CSRF token is: unique per user session, a large random value, generated by a cryptographically secure random number generator.
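The token properties listed above, as an added example that is not part of the original page: a per-session token drawn from the operating system's CSPRNG, bound to the session on the server, and checked with a constant-time comparison before the state-changing "update email" action runs. The in-memory session store and the handler function are constructed for this example (a real application would use its framework's server-side session storage).

```python
import hmac
import secrets

# Constructed in-memory session store for the example; a real application
# keeps sessions in its framework's server-side session storage.
SESSIONS = {}


def new_session():
    """Create a session and bind a fresh CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    # 32 bytes from the OS CSPRNG give a 43-character URL-safe token that is
    # unique to this session, so a forged cross-site form cannot know it.
    SESSIONS[session_id] = {"csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id):
    """Token to embed as a hidden field in forms rendered for this session."""
    return SESSIONS[session_id]["csrf_token"]


def validate_csrf(session_id, submitted_token):
    """True only if the submitted token matches the one bound to the session."""
    session = SESSIONS.get(session_id)
    if session is None or not submitted_token:
        return False
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(session["csrf_token"], submitted_token)


def handle_update_email(session_id, form):
    """State-changing endpoint (constructed): rejects requests without a valid token."""
    if not validate_csrf(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    SESSIONS[session_id]["email"] = form["email"]
    return 200, "email updated"


if __name__ == "__main__":
    sid = new_session()
    token = csrf_token_for(sid)
    # Legitimate form submission carries the session's token.
    print(handle_update_email(sid, {"email": "user@example.com", "csrf_token": token}))
    # A forged request from another origin cannot include the token.
    print(handle_update_email(sid, {"email": "attacker@example.net"}))
```

The check runs on every request that changes state; reading the token from the session rather than from a cookie the browser would send automatically is what makes the forged request fail.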
When should I use JWT-based authentication? When should I use session-based authentication?
What are the best practices for handling secrets, like database passwords?