
The first piece of the CSRF puzzle: CSRF Tokens


Hey there,

Following up from the release of last week's Cross-Site Request Forgery (CSRF) Attack module, I'm excited to let you know the latest Defend module for my Practical Laravel Security course is now live! The module is called CSRF Tokens, and it covers everything you need to know about how CSRF tokens work in Laravel.

CSRF Tokens Module

This module is the first of three companions to last week's CSRF Attack module, and explains how CSRF tokens work within Laravel. (Spoiler: it's fairly simple!) It covers both sides of Laravel's protections, the middleware and the token itself, plus explains how they are implemented in Laravel and why it's something you should actually care about.

What's next?

I'll be finishing up the other two companions to the CSRF attack module:

  • SameSite Cookies

  • Cross-Origin Resource Sharing (CORS)

And following on from that will most likely be SQL Injection (SQLi), with some fun new challenges.

Don't forget...

  1. The CSRF Attack module includes 6 interactive challenges that teach you various CSRF Attacks. These challenges are:

    1. Basic CSRF Attack

    2. CSRF through a hidden form

    3. CSRF in the background of a page

    4. Bypassing SameSite protections

    5. Abusing Subdomains to satisfy SameSite protections

    6. Stealing CSRF tokens

  2. The course includes a dedicated Discord server, where you can ask me any questions about the course, or security in general, and join in on some great discussions. There is a channel for the challenges, so you can get help if you need it - or brag about your successes! Definitely check it out if you've bought the course.

Haven't bought the course yet?

So, if you haven't already bought the Practical Laravel Security course, now's the perfect time to do it. By investing in your knowledge and skills, you'll be better equipped to secure your applications and take your coding game to the next level!

The course is still in early access, so signing up now will get you the heavily discounted price, and you'll have immediate access to the modules that have been released and the Discord server.

Sign up now

Please contact me directly for Teams pricing, as well as student and PPP discounts.

I hope you have a fantastic week. 😁

Thanks,
Stephen