Securing Against Cross-Site Request Forgery in a Way You Won't Regret Later

Protecting a web application against cross-site request forgery (CSRF) typically requires architectural changes. In researching and building its security analysis tool, Coverity realized that web developers struggle with how to implement them. In this on-demand webcast, we present an example-driven survey of how real apps are secured against CSRF, highlighting the trade-offs and pitfalls of various approaches. We discuss what characteristics make for secure, scalable, and foolproof solutions.

In this webcast, we specifically cover:

  • An introduction to CSRF
  • Best practices in protection
  • Available technologies and how to incorporate them
  • How to avoid common mistakes that lead to vulnerabilities


Who should attend: Java EE developers

Featured Speaker

Dr. Aaron Hurst is a Principal Engineer at Coverity, a Synopsys company, where his primary role is developing new program analysis methods and tools for identifying Java web application security defects. He received his Ph.D. from the University of California, Berkeley in 2008, and his M.S. and B.S. from Carnegie Mellon University. After graduating, he spent several years as a Research Scientist at Cadence Research Laboratories.



