Cross-site request forgery vulnerabilities are often poorly understood and considered a low priority, making them strong candidates for exploitation. This session will feature an attack demonstration against a web application that utilizes a Java stack, followed by a defense demo using OWASP CSRFGuard.