CAFECA-IO / KnowledgeManagement

Creating, Sharing, Using and Managing the knowledge and information of CAFECA
https://mermer.com.tw/knowledge-management
MIT License

KM: Cross-Site Request Forgery #48

Closed gibbs-shih closed 8 months ago

gibbs-shih commented 10 months ago

Explain cross-site request forgery, briefly describe prevention methods, and how to generate a token / validate a token

gibbs-shih commented 10 months ago

KM - CSRF

https://gcdeng.com/blog/five-ways-to-defend-against-CSRF-attacks
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
https://www.synopsys.com/glossary/what-is-csrf.html
https://zh.wikipedia.org/zh-tw/%E8%B7%A8%E7%AB%99%E8%AF%B7%E6%B1%82%E4%BC%AA%E9%80%A0#cite_note-2

research 4 hr remaining 4 hr

gibbs-shih commented 8 months ago

CSRF(XSRF) take about 8 hr