Lab: CSRF vulnerability with no defenses
Lab: CSRF where token validation depends on request method
Lab: CSRF where token validation depends on token being present
Lab: CSRF where token is not tied to user session
Lab: CSRF where token is tied to non-session cookie
Lab: CSRF where token is duplicated in cookie
Lab: CSRF where Referer validation depends on header being present