by simonw 3965 days ago
"If you don't know what CSRF is and how to protect against it, any website you make is probably going to be insecure"

A thousand times this.

I used to give a talk about basic web application security, and my favourite part of that talk was right after explaining CSRF when I'd point out that "... and if you don't have active protection in place against this attack, your app is vulnerable right now". You could almost see people's faces turning white in the audience.