Cross-site request forgery (CSRF) is an attack that tricks a victim's browser into sending a state-changing request to a web application in which the victim is currently authenticated; because the browser attaches the session cookie automatically, the application carries out an action the user never intended. CSRF was ranked A5 in the 2010 OWASP Top 10 and A8 in the 2013 list.
“If you have not taken specific steps to mitigate the risks of CSRF attacks, your applications are most likely vulnerable,” says security expert Chris Shiflett.
This presentation walks Java professionals through the anatomy of CSRF in Java web applications, shows how to avoid it in new Java applications through a secure design approach, and discusses how to remediate it in business-critical legacy Java web applications without redesigning them.
It includes a demo of both the vulnerability and the remediation approach.
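The remediation the abstract alludes to, retrofitting protection onto a legacy application without touching its business logic, is commonly done with the synchronizer-token pattern enforced by a request filter. The following is an added illustration written for this page; it is not code from the presentation or from Capgemini. The `Request` class, the in-memory session map, and the attribute and parameter names `csrf.token` and `_csrf` are assumed stand-ins for `HttpServletRequest`, `HttpSession`, and whatever names a real deployment chooses.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/*
 * Added illustration (not from the presentation): the synchronizer-token
 * pattern applied as a request-level check, so a legacy handler that only
 * reads request parameters needs no redesign. Request and the session map
 * are stand-ins for HttpServletRequest / HttpSession attributes.
 */
public class CsrfTokenFilterDemo {

    /** Minimal stand-in for a servlet request: method, parameters, and the session's attributes. */
    static final class Request {
        final String method;
        final Map<String, String> params;
        final Map<String, Object> session;
        Request(String method, Map<String, Object> session, Map<String, String> params) {
            this.method = method; this.session = session; this.params = params;
        }
    }

    static final String TOKEN_ATTR = "csrf.token";   // session attribute name (assumed)
    static final String TOKEN_PARAM = "_csrf";       // hidden form field name (assumed)
    private static final SecureRandom RNG = new SecureRandom();

    /** Issue one unguessable token per session; the page template copies it into a hidden field. */
    static String tokenFor(Map<String, Object> session) {
        String t = (String) session.get(TOKEN_ATTR);
        if (t == null) {
            byte[] raw = new byte[32];
            RNG.nextBytes(raw);
            t = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
            session.put(TOKEN_ATTR, t);
        }
        return t;
    }

    /** Filter decision: safe methods pass; state-changing methods need a token equal to the session's. */
    static boolean allow(Request req) {
        if (req.method.equals("GET") || req.method.equals("HEAD") || req.method.equals("OPTIONS")) {
            return true;
        }
        String expected = (String) req.session.get(TOKEN_ATTR);
        String supplied = req.params.get(TOKEN_PARAM);
        if (expected == null || supplied == null) {
            return false;
        }
        // Constant-time comparison so the token cannot be recovered byte by byte through timing.
        return MessageDigest.isEqual(expected.getBytes(), supplied.getBytes());
    }

    /** The legacy handler body, unchanged: it trusts the session and the parameters it is handed. */
    static String transferMoney(Request req) {
        return "transferred " + req.params.get("amount") + " to " + req.params.get("to");
    }

    public static void main(String[] args) {
        Map<String, Object> victimSession = new HashMap<>();
        // Victim loads the legitimate form; the page embeds this token as <input type="hidden" name="_csrf">.
        String legit = tokenFor(victimSession);

        Map<String, String> ok = new HashMap<>();
        ok.put("to", "alice"); ok.put("amount", "10"); ok.put(TOKEN_PARAM, legit);
        Request genuine = new Request("POST", victimSession, ok);

        // Forged request: an attacker's page auto-submits a form to the application while the victim
        // is logged in. The browser attaches the session cookie (same session map here), but the
        // attacker cannot read the token cross-origin, so the forged form omits it.
        Map<String, String> forged = new HashMap<>();
        forged.put("to", "mallory"); forged.put("amount", "1000");
        Request attack = new Request("POST", victimSession, forged);

        System.out.println("genuine: " + (allow(genuine) ? transferMoney(genuine) : "rejected"));
        System.out.println("forged:  " + (allow(attack) ? transferMoney(attack) : "rejected"));
    }
}
```

In a real deployment the `allow` check lives in a `javax.servlet.Filter` mapped ahead of the legacy servlets, returning 403 on failure, and the token is injected into forms by the view layer. The pattern depends on the same-origin policy keeping the token unreadable from the attacker's page; it does not help if the application also has a cross-site scripting flaw, and it only protects endpoints that are actually routed through the filter and that are reached via non-safe HTTP methods.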
First presented at Oracle OpenWorld 2014 by Gopal Padinjaruveetil, Chief Application Security and Compliance Architect, Capgemini
http://www.capgemini.com/oracle