Hacker News
by mike-cardwell 3965 days ago
Basic CSRF. If you don't know what CSRF is and how to protect against it, any website you make is probably going to be insecure. If you call yourself a web developer and don't know about CSRF, please, go learn it. I don't think I'd hire a web developer who couldn't tell me what CSRF is and how to prevent it. Even if your framework takes care of it for you, you still need to know what it is.
2 comments

"If you don't know what CSRF is and how to protect against it, any website you make is probably going to be insecure"

A thousand times this.

I used to give a talk about basic web application security, and my favourite part of that talk was right after explaining CSRF when I'd point out that "... and if you don't have active protection in place against this attack, your app is vulnerable right now". You could almost see people's faces turning white in the audience.