Cross-site request forgery (CSRF)
APPRENTICE (🟢) - 1 LAB
🟢 LAB 1 - CSRF vulnerability with no defenses ➜
PRACTITIONER (🟡) - 11 LABS
🟡 LAB 2 - CSRF where token validation depends on request method ➜
🟡 LAB 3 - CSRF where token validation depends on token being present ➜
🟡 LAB 4 - CSRF where token is not tied to user session ➜
🟡 LAB 5 - CSRF where token is tied to non-session cookie ➜
🟡 LAB 6 - CSRF where token is duplicated in cookie ➜
🟡 LAB 7 - SameSite Lax bypass via method override ➜
🟡 LAB 8 - SameSite Strict bypass via client-side redirect ➜
🟡 LAB 9 - SameSite Strict bypass via sibling domain ➜
🟡 LAB 10 - SameSite Lax bypass via cookie refresh ➜
🟡 LAB 11 - CSRF where Referer validation depends on header being present ➜