Skip to content

rosatolen/campr-csrf-workshop

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Campr CSRF Workshop

Triggering the CSRF Vulnerability

Run the application and trigger the CSRF vulnerability.

  1. Start the application.
./gradlew clean run
  1. Go to localhost:8080 and login as admin with the username/password: admin/admin

  2. Open evil.html in a web browser and click the button

  3. Log out of the vendor portal, then try to log back in as admin

Fixing CSRF

Recommended: Use Intellij to open and import the application’s build.gradle file. This will sync your gradle system to the IDE.

If you don’t use Intellij, you can sync the gradle system according to your environment tool.

Run the tests in debug to see the failing security test in detail.

./gradlew clean test --debug

Now use your wits to get the first test to pass!

Requirements

  • JDK 1.7+
  • A Java IDE

Resources

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published