The talk was recorded at Faglig Fredag at Lund&Bendsen A/S on 16/12-2022.

Abstract

Earlier this year, I presented on fighting XSS attacks, one of the most common security exploits, using content security policy. In this presentation, I will be talking about two more common exploits in modern web application security: Unicode exploits and Cross-Site Request Forgery (CSRF) attacks. You will also learn some common methods for fighting these attacks and keeping your data and your client’s data safe from harm.

Here is a sneak peek at what I will present:

Unicode and encoding

At the lowest level, we have characters, Unicode, and encoding that most of the web is built upon. In this part, you will learn the fundamental concepts involving Unicode and encoding and why emojis and other characters can cause trouble for us in our applications.

Cross-Site Request Forgery (CSRF) attacks and prevention

This is a common attack against our web applications that involves hackers tricking innocent end users into making requests to websites and applications that they’re logged into. In this talk, you will learn how this attack is carried out and what you can do to protect yourself against it.

After this talk, you will be more aware of common web security concepts, how Unicode and encoding exploits, as well as CSRF attacks, are executed, and how to protect yourself and your users better. By studying these ideas, you can help make the internet a little more secure.