Cross Site Request Forgery vs Server Side Request Forgery Explained

37,122 views

Hussein Nasser


In this video I explain the difference between Cross-Site Request Forgery (CSRF) and Server Side Request Forgery (SSRF).
Summary: Frontend Engineers pay attention to CSRF, Backend Engineers pay attention to SSRF.
Chapters
0:00 Intro
0:20 CSRF
4:19 SSRF
10:15 Summary
Stay Awesome,
Hussein

Comments: 25
@aleksandrchernov2373 4 years ago
I was just dealing with this today! Perfect timing!
@ultiumlabs4899 3 years ago
I love your teaching style. Thank you, Hussein.
@angeloreyes707 2 years ago
Such a good explanation. This just got the channel a sub.
@cyberwarrior3257 1 year ago
Great Explaining, Thank you for this incredible video!
@jenniferbate9513 1 year ago
Prepping for an interview. Helpful. Thank you!
@balapraneeth9708 3 years ago
Great Content. To the point. Thanks
@krishnakumar-rp9wc 3 years ago
Nicely explained!
@iamnobody9913 2 years ago
Thank you for this video content. I've learned a lot 😊
@itzikchen4885 2 years ago
You clearly missed the whole point of CSRF. CSRF means the attacker tricked the victim (the one with the cookie/session) into doing something evil, like changing the password, usually by sending a link or inside hidden without the victim even noticing. It's NOT an evil "different site" who *sent a request on your behalf*. The request eventually comes from the victim, that's the point of CSRF, unlike session/cookie hijacking.
@omphemetsemafoko830 2 years ago
Good explanation. Thanks
@AlbinoCordeiroJunior 3 years ago
Super video! I applauded for CA$2.00 👏
@hnasr 3 years ago
Thanks!! 🙏
@Viachev 4 years ago
Hello Hussein, I'm really glad I found your channel. While I was watching some of your vids, a question popped up in my head. Can you make a vid that specifies how many users a webserver can handle and what happens when we are using websockets, for example... will the load on the server drop?
@hnasr 4 years ago
Slav Biachev thanks Slav! Good question!! There is no known limit to how much a server can handle. What you start to notice is slower and slower response time, connection drops .. this is based on how much memory and cpu your server has and based on the workload of each request. It is a good idea for a video 👍 kind of fall on the p99 p95
@ca7986 3 years ago
❤️
@rickfernandes2369 3 years ago
In SSRF, what if I change some header and was able to visit/get data from the API server... Will it still be considered SSRF?
@hnasr 3 years ago
SSRF can only happen when the server relies on a piece of header/payload in the request that contains information about a URL or sub path that the server needs to visit on the backend.
@abdullahsifat9156 2 years ago
Hussein brother, your contents are really really helpful and I think priceless considering availability of the contents like you are creating on YouTube. But as a well wisher and being a much junior than I want to tell you that please say things in a more straightcut or specific way, please don't make contents bigger just explaining unnecessary sentences or ways.. these sentences create your contents bigger and make sometimes really hateful/intolerable or you can make a short script. Please don't sound some cartoonish way. Please take my words like from a well wisher. Please don't take me wrong. Don't speak aa uu or with cartoonish sound, just speak straight please please please
@ramesh_panthangi 4 years ago
Hi
@ruhnshnik9106 3 months ago
get a stylus bro