Cross Site Request Forgery vs Server Side Request Forgery Explained

Поділитися
Вставка
  • Опубліковано 22 гру 2024

КОМЕНТАРІ • 25

  • @aleksandrchernov2373
    @aleksandrchernov2373 4 роки тому +10

    I was just dealing with this today! Perfect timing!

  • @AlbinoCordeiroJunior
    @AlbinoCordeiroJunior 3 роки тому

    Super video! I applauded for CA$2.00 👏

    • @hnasr
      @hnasr  3 роки тому

      Thanks!! 🙏

  • @ultiumlabs4899
    @ultiumlabs4899 3 роки тому +1

    I love your teaching style. thank you hussein.

  • @itzikchen4885
    @itzikchen4885 2 роки тому +3

    You clearly missed the all point of CSRF. , CSRF means the attacker tricked the victim (the one with the cookie/session) to do something eval, like changing the password, usually by sending a link or inside hidden without the victim even noticed. It's NOT an eval "different site" who *sent a request on your behalf* . The request eventually comes from the victim, that's the point of CSRF. unlike session/cookie hijacking.

  • @jenniferbate9513
    @jenniferbate9513 Рік тому

    Prepping for an interview. Helpful. Thank you!

  • @angeloreyes707
    @angeloreyes707 2 роки тому

    Such a good explanation. This just got the channel a sub.

  • @krishnakumar-rp9wc
    @krishnakumar-rp9wc 3 роки тому +1

    Nicely explained!

  • @cyberwarrior3257
    @cyberwarrior3257 2 роки тому

    Great Explaining, Thank you for this incredible video!

  • @balapraneeth9708
    @balapraneeth9708 4 роки тому +2

    Great Content . To the point. Thanks

  • @omphemetsemafoko830
    @omphemetsemafoko830 2 роки тому

    Good explanation. Thanks

  • @iamnobody9913
    @iamnobody9913 2 роки тому

    Thank you for this video content. I've learned a lot 😊

  • @rickfernandes2369
    @rickfernandes2369 3 роки тому

    In ssrf What if i change some header and was able to visit/get data from api server... Will it still be considered as ssrf ?

    • @hnasr
      @hnasr  3 роки тому +1

      SSRF can only happen when the server relies on a piece of header/payload in the request that contain information about URL or sub path that the server need to visit on the backend.

  • @Viachev
    @Viachev 4 роки тому

    Hello Hussein, I'm really glad i found your channel. While i was watching some of your vids, a question popped up in my head. Can you make a vid that specifies how many users can a webserver handel and what happens when we are using websockets for example...will the load on server drop?

    • @hnasr
      @hnasr  4 роки тому +3

      Slav Biachev thanks Slav! Good question!! There is no known limit to how much a server can handle. What you start to notice is slower and slower response time, connection drops .. this is based on how much memory and cpu your server has and based on the workload of each request. It is a good idea for a video 👍 kind of fall on the p99 p95

  • @abdullahsifat9156
    @abdullahsifat9156 3 роки тому

    Hussein brother your contents are really really helpful and I think priceless considering availability of the contents like you are creating in youtube. But as a well wisher and being a much junior than I want to tell you that please say things in more straightcut or specific way please dont make contents bigger just explaining unnecessary sentences or ways.. these sentences create your contents bigger and make sometimes really hateful/intolerable or you can make a short script. Please dont sound some cartoonish way. Please take my words like from a well wisher. please dont take me wrong. Dont speak aa uu or with cartoonish sound just speak straight please please please

  • @ca7986
    @ca7986 4 роки тому

    ❤️

  • @ramesh_panthangi
    @ramesh_panthangi 4 роки тому

    Hi

  • @ruhnshnik9106
    @ruhnshnik9106 9 місяців тому

    get a stylus bro