Interested in supporting me and gaining early access to the Web Security Academy videos when they're recorded? Consider buying my course: academy.ranakhalil.com/p/web-security-academy-video-series! ✨ ✨

Your teaching style is the best. Really difficult to find teachers like you 😭. I'm having difficulties in XSS. Hope you will make videos on that too ❤️❤️

This is gotta be the best video on the Internet. I'm a fan now.

7:55 and this is the best explanation i've heard yet. Well done. Very clear

For some reason, I really like listening u explain stuff. This reminds me of the science tv shows I used to watched as a kid :)

44:45 "Of course, you need to use [SameSite] in addition to CSRF tokens and not as a defence on its own." This cannot be repeated enough 👏👏👏

Ohh mam, after so long time. Waiting the new topic after being master in sql😁

i don't even know how to put things into words the way how you explain, it's an amazing mam..we need such playlist more in the future..

Best video on this topic. This is gold. Thanks so much for this.

This video needs 100 million views

Great explanation. All my confusion related to CSRF are gone now... Thank you so much for creating such content.

Hey rana Khalil good to see u.. please do other topics as soon as possible.. because u have an outstanding ability to train.

You explain everything clearly and concisely without over complicating the topic. Please make some Udemy courses! Thank you from Canada 🇨🇦

Oh, my God, how well you explain this

I like the way you explain the topics very minutely you explain it’s very easy to understand .Hoping you to upload all the labs of portswigger soon.

Awesome Explanation 🙌💥✌✌Thanks ma'am ! (Finally Landed on the BEST CSRF EXPLANATION TUTORIAL on KZbin) This channel Deserves Millions of Subscribers ...after somedays this playlists will also hit millions.🔥

Awesome tutorial ever. First complete SQLi and now CSRF 👍😎

Wow, this was AWESOME. Many thanks for this great learning material.

السلام عليكم ما شاء الله هذا أحسن شرح في الموضوع جزاك الله خيرا

love from pakistan Thanks for doing such amazing job. people get's to learn alot.

Very well explained , covering each aspect in detail . Highly Appreciated!! Rana 👍

Rana, I love your videos and your explanations. They are very informative. Thank you.

God, how wanderful and detailed you can explain! Thaaaanks!!

Best in depth video I found

just finished watching the full video .. really awesome content.. Thanks for that.

you have such a calming voice

im from india mam u are a very good teacher i wish i could have u as my cybersecurity mentor

incredibly clear and easy to understand, thank you

these series are amazing!, thank you.

i'm so excited,please upload this video

That is really awesome session,Thanks alot Rana and great effort.

Thanks for everything you do and you are highly appreciated, we could appreciate an updated version of this video or maybe just a part that include exploring json request type csrf tricks and tips, including some guideline that could help beginners, I could appreciate especially covering using flash to exploit csrf ❤

Hello Rana Khalil I check your channel every week for new learning video. Thank you again.

Awesome video and detail explanation. Thank you 👍

Rana thank you very much. CSRF is my best bug class..

best video ever on the subject! you have a great way at explaining things lol. thanks

Your material is outstanding thanks a lot

Excellent quality, amazing content, and very clear way in illustration, I am amazed, greetings from Egypt

Thank u ur detailed Explaining is unique and awesome

Im in XSS by The PortSwigger learning Path. Ansious to cath The next chapter CSRF to whatch The Best Teacher. Tnx👍

Excellent explanation on the topic. Thanks.

just complete watching the full video . Really awesome content. Thanks for the content apu(sister)

Great video!

This is a great video. Thank you.

Thanks for the amazing explanation...

Thank you soo much for this video...I am a fresher to this field...This class was awesome...please upload more videos and labs on attacks...

Thanks so much for given us the lessons of CSRF

Crystal clear. Thanks

Thank you Ms.Khalil is very useful for me.

Really it was great 👍

Thank you. Your video is really well done :-)

Great!!

Hi Rana Khalil, my English knowledge is not very good, but if I ask that your videos are very instructive, can you add Turkish and English subtitle options to your video?

awesome work 👍😀

Hey @RanaKhalil, In stateless applications, how is the validation done? To check if the tokens provided are associated with the user's session and not an attacker's tokens sent with the user's session.

Thanks a lot clear to understand

38:30 So where is the parameter csrf token (the one placed in POST body) stored if not in cookies? In local storage? Cant the attacked steal the csrf cookie?

best video ever

Just wondering why we need an and form to trigger the attack. Why cant just make the xhr request directly within the script tag ? It will give the same effect where when victim is tricked to load the page, the POST is automatically fired on load.

Great video Rana. A quick question..why doesnt the browser attach the csrf token just as it attaches the cookie when the attacker sends a url of the site with email change parameter?. I mean how does the browser decide when to attach the csrf token and when not? I mean if an attacker sends me a link for email change and I have a cookie and token in the browser, why wont the browser not attach the csrf token at that point in time?

Waiting . . .

Why is the subtitles closed on the video? Please look into this matter

For stateless applications, shouldn't a single CSRF token (passed as hidden input field) be enough? Why do we need double submit defence?

Thanks

Excellent

Hi, I have a doubt as why Post Method will not include cookies?

Thanks Maam 🧑🏻‍💻😃

I great one I ever thanks 🥂

Hey Nicely done

rana I love your videos and the way you explain everything, is it possible that you can activate the subtitles in this video? my English is not very good, but with the subtitles I can understand your video perfectly, I hope it is possible and thank you very much for sharing your knowledge, it is of great value.

waiting from Egypt

Excellent explain ♥️ Thank you!

Second question is Under Inadequate defense, instead of using the referrer header, if Origin header is used against Whitelist allowed origin, will it become another layer of security for CSRF attack OR is Origin header also can be spoofed?

شكرا ليكي كتير

Hello, I have a question What's the difference between buying a course and not buying it?

but how does the attacker know that the link has been clicked and email got changed?

thank you rana

keeeeeeeep going want wait to finishing all labs with you ^_^

Hi, tanks for awsome video , Can you activate the subtitles of your video, it will really help a lot, thank you

Hi @RanaKhalil101, Your videos and explanation are really good. It made me understand the basics so much thanks a lot for this!! Reallly i mean it.

You are amazing

I dont get how sql injections and csrf are related?

are there ones for XSS please ?

Nice job

hello ma'am, I have doubt when the attacker send the email to victim with malicious link to click. In this case as you told in the Additional defense concept regarding SameSite attribute, since the victim clicked the link in the gmail, so if the SameSite=Strict then should CSRF attack will fail? because the request is initiated from the third part gmail. Is my undestanding is wrong?

Great ❤️❤️

I was wondering if it'd possible to add English subtitles, my sister is deaf, and I'm not pretty good at understanding English (we're from Spain), but both of us can read it. We're aware how good your material is, and it'd me amazing for us if that'd be possible. Thanks a lot in advance!

Thank you, sister......

Please make videos on xss thank you❤

I’ve been following you for a while thank you for what you are doing; I watched laltely your interview with David Bombal on his youtube channel; I’m really impressed and I would like to thank you for your advices. I have some questions regarding intigriti if you can reply to them I would be grateful

Awesome,,,,, ....

Thanks from iraq❤

It seems that there are no subtitles and cannot be translated, which is a bit troublesome

great thanks very much

please make videos on OAuth 2

Iam waiting

This live or vedio recorded

i have a question Sister ....i master php and i can also do scripts in python...but as i see in youtube..most youtubers dont encourage php languages!!! i am confused really if i continue in php or i leave it and try to master python..what is your advice Sister and thanks a lot of

Why is there no subtital?

Please make more videos for us