Introduction to Testing
Lectures 71 • 40 slides
Narration
Session 71 Slide 1: XSS/CSRF/SQL Injection Countermeasures
mindmap
  root((Web Vulnerability Countermeasures))
    XSS
      Reflected
      Stored
      DOM-based
    CSRF
      Token
      SameSite
    SQL Injection
      Placeholder
      ORM
Today's Theme
- Detailed understanding of the three major web application vulnerabilities: XSS, CSRF, and SQL Injection
- Practical attack methods and the corresponding defenses
Learning Objectives
- Understand the types and countermeasures of XSS (Cross-Site Scripting)
- Learn the mechanism and defenses of CSRF (Cross-Site Request Forgery)
- Acquire attack patterns and defense implementations for SQL Injection
- Be able to properly configure Content Security Policy (CSP)
Review of the Previous Session
- Threat categories covered in Session 70, "Detailed Explanation of OWASP Top 10"
- This session focuses in depth on A03:2021-Injection in particular
1/40