Question

SIT 218/738: Secure coding

Note: Complete the steps provided in "Ontrack Task7.1P Start Activity" on CloudDeakin before completing this task.

Pass task 7.1P: Session management and CSRF attacks

Objective

The objective of this task is to understand how CSRF attacks work by exploiting the vulnerabilities in session management in web applications. You will also understand how CSRF attacks can be prevented using the HTTP referrer header (written as the HTTP "Referer" header: read more about this misspelling from this link (https://en.wikipedia.org/wiki/HTTP_referer)).
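As an added illustration of the Referer-based defence named in the objective (example code written for this page, not part of the Ontrack activity or the course materials), the check below validates the Origin header, falling back to Referer, against an allowed origin. The trusted origin "https://bank.example" and the header dictionaries are constructed values; the check compares whole origins rather than string prefixes, and by default rejects requests that carry neither header, since both can legitimately be stripped by browsers and privacy tools.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed trusted origin for this example (hypothetical application).
ALLOWED_ORIGINS = {"https://bank.example"}


def _origin_of(url: str) -> Optional[str]:
    """Reduce a URL to its scheme://host[:port] origin, or None if it is not a valid http(s) URL."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None  # covers the literal "null" Origin and garbage values
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    default = 443 if parts.scheme == "https" else 80
    host = parts.hostname.lower()
    if port is None or port == default:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def request_is_same_origin(headers: dict, strict: bool = True) -> bool:
    """Return True if a state-changing request appears to come from an allowed origin.

    Origin is preferred because browsers send it on cross-site POSTs and it carries
    no path or query; Referer is the fallback. With strict=True a request with neither
    header is rejected, because a cross-site request can arrive without them too
    (e.g. under Referrer-Policy: no-referrer), so their absence proves nothing.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source:
        return not strict
    # Compare the full parsed origin: a prefix match on the raw string would wrongly
    # accept "https://bank.example.attacker.test/" or a Referer whose query contains the URL.
    return _origin_of(source) in ALLOWED_ORIGINS
```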

Overview

Task 1: Add screenshots from end of Section 1 in Ontrack-Task7.1 Start Activity

Task 2: Add screenshots from end of Section 2 in Ontrack-Task7.1 Start Activity

Task 3: Add screenshots from end of Section 3 in Ontrack-Task7.1 Start Activity

Task 4: This attack targets the client side. The end user's sensitive information can be modified/accessed by the attack. In contrast, Server-Side Request Forgery (SSRF) targets the server and could be potentially more harmful. Briefly explain how this attack works and how this can be prevented.

Submission Requirements:

Submit one PDF file containing the following information:

1. Screenshots for Task 1, 2, 3 as mentioned in Ontrack-Task7.1 Start Activity.

2. Task 4: brief explanation of how SSRF attacks work and how to mitigate them.

Question image 1