Lesson 4: Cross-Site Request Forgery, Using Vulnerable Components, Unvalidated Redirects and Forwards
The fourth lesson of this E-Commerce Security Course covers the following:
- Cross-Site Request Forgery
- Using Vulnerable Components
- Unvalidated Redirects/Forwards
This lesson is conducted in partnership with Isaac Sabas and Jonathan Mantua of Pandora Security Labs, which offers advanced IT security training and provides WebRanger, an online security monitoring and attack blocking service.
WARNING: STUDENTS PARTICIPATING IN THIS PROGRAM SHOULD USE THE KNOWLEDGE AND INSIGHTS GAINED IN A RESPONSIBLE MANNER. Probing and attacking websites, whether successful or not, is a CYBERCRIME and will make you liable under the E-Commerce Law, CyberCrime Law, and Data Privacy Law.
Cross-Site Request Forgery
Using Vulnerable Components
References:
- Magento Magmi Plugin – Local File Inclusion Vulnerability
- Joomla HD FLV Player – File and Command Injection
- WordPress E-Commerce Shop Styling Plugin – File Injection
Unvalidated Redirects and Forwards
Resources:
- Testing site: Secure Savings Bank
- OWASP 2013 Top 10 List