CSRF Architecture and Guardrails
RCCE students will learn Cross-Site Request Forgery vulnerabilities including state-changing request manipulation, defense bypass techniques, and modern CSRF protection mechanisms. RCCE students will learn to identify CSRF vulnerabilities in web applications, craft CSRF exploits for state-changing operations, implement CSRF protections using synchronizer tokens, double submit cookies, SameSite cookie attributes, and origin header validation, test CSRF defenses for bypass vulnerabilities, assess CSRF risk in APIs and single-page applications, and integrate CSRF testing into application security assessment methodologies. This architecture course teaches secure system design using proven patterns, guardrails, and reference architectures. At an expert level, RCCE students will learn to evaluate design options against security requirements, make informed trade-off decisions, and build systems that are resilient by design. Students gain the architectural thinking skills needed for security engineering and solution design roles.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing CSRF Architecture and Guardrails
- Design a scalable privilege management architecture with policy and enforcement
- Execute hands-on tasks for advanced application security module
- Execute hands-on tasks for learning objectives — covering in modern web applications, double submit, SameSite patterns, for APIs and SPAs.
- Execute hands-on tasks for identify csrf vulnerabilities — covering in modern web applications.
- Execute hands-on tasks for architect csrf guardrails — covering for APIs and SPAs.
- Execute hands-on tasks for module roadmap
- Execute hands-on tasks for attack surface
- Execute hands-on tasks for defense patterns
- Execute hands-on tasks for request anatomy — covering Method: GET, POST, PUT, DELETE, Browsers auto-attach cookies to requests.
- Execute hands-on tasks for why csrf works — covering Method: GET, POST, PUT, DELETE.
- Execute hands-on tasks for sop permits — covering Cross-origin form submissions (POST).
| Module 01 | CSRF Architecture |
| Module 02 | Advanced Application Security Module |
| Module 03 | Learning Objectives |
| Module 04 | Identify CSRF vulnerabilities |
| Module 05 | Architect CSRF guardrails |
| Module 06 | Module Roadmap |
| Module 07 | Attack Surface |
| Module 08 | Defense Patterns |
| Module 09 | HTTP Request Model Fundamentals |
| Module 10 | Request Anatomy |
| Module 11 | Why CSRF Works |
| Module 12 | SOP Permits |
| Module 13 | CSRF Exploits the Gap |
| Module 14 | SOP Blocks |
All hands-on labs run on Rocheston Rose X OS. Students practice csrf architecture and guardrails by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Design a scalable privilege management architecture with policy and enforcement
- Lab 2: Execute hands-on tasks for advanced application security module
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for identify csrf vulnerabilities
- Lab 5: Execute hands-on tasks for architect csrf guardrails
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for CSRF Architecture and Guardrails, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI