## Apprentice Level
- β
[[1. CSRF vulnerability with no defenses]]
## Practitioner Level
- β
[[2. CSRF where token validation depends on request method]]
- β
[[3. CSRF where token validation depends on token being present]]
- β
[[4. CSRF where token is not tied to user session]]
- β
[[5. CSRF where token is tied to non-session cookie]]
- β
[[6. CSRF where token is duplicated in cookie]]
- β
[[7. SameSite Lax bypass via method override]]
- β
[[8. SameSite Strict bypass via client-side redirect]]
- β
[[9. SameSite Strict bypass via sibling domain]]
- β
[[10. SameSite Lax bypass via cookie refresh]]
- β
[[11. CSRF where Referer validation depends on header being present]]
- β
[[12. CSRF with broken Referer validation]]