Tore Nestenius: Unicode Exploits and Cross-Site Request Forgery

Watch the video

The talk was recorded at Faglig Fredag at Lund&Bendsen A/S on 16/12-2022.

Abstract

Earlier this year, I presented on fighting XSS attacks, one of the most common security exploits, using Content Security Policy. In this presentation, I will be talking about two more common exploits in modern web application security: Unicode exploits and Cross-Site Request Forgery (CSRF) attacks. You will also learn some common methods for fighting these attacks and keeping your data and your client’s data safe from harm.

Here is a sneak peek at what I will present:

Unicode and encoding

At the lowest level, we have characters, Unicode, and encoding that most of the web is built upon. In this part, you will learn the fundamental concepts involving Unicode and encoding and why emojis and other characters can cause trouble for us in our applications.

Cross-Site Request Forgery (CSRF) attacks and prevention

This is a common attack against our web applications that involves hackers tricking innocent end users into making requests to websites and applications that they’re logged into. In this talk, you will learn how this attack is carried out and what you can do to protect yourself against it.

After this talk, you will be more aware of common web security concepts, how Unicode and encoding exploits, as well as CSRF attacks, are executed, and how to protect yourself and your users better. By studying these ideas, you can help make the internet a little more secure.

Tore Nestenius

Instructor

Tore is an independent software consultant and trainer based in Helsingborg, Sweden. For the last 10 years, he has been training developers all around the world in software architecture, web security, OpenID Connect, C#/.NET and domain-driven design. When he is not teaching, he is mentoring and coaching developer teams all around Europe. He is currently working on courses in both secure development and web security that will be released through Lund&Bendsen in the coming months.