SPI Dynamics, Inc., a leading provider of web application security assessment software and services, which was acquired by HP in 2007, have revealed JavaScript techniques for compromising the intranet… more →
Garo Garabedyan's Divergent Thinking Blog wrote 1 week ago: Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CS … more →
wrote 1 week ago: The best way to secure your product, is building security in from the start. Most businesses view se … more →
wrote 3 weeks ago: In the past I’ve talked about one way to get in the middle as an attacker and use Burp as a Mi … more →
wrote 1 month ago: TLDR; This is a post about a CSRF issue in OAuth I found where if a victim visited a malicious site … more →
wrote 1 month ago: In the latest version of Sitecore 6.6 (release 13.04.04) I sometimes get this error: Exception: Site … more →
wrote 1 month ago: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet Cross-Site … more →
wrote 2 months ago: What is CSRF or Cross Site Request Forgery? Allows an attacker to capture and replay a previous req … more →
wrote 2 months ago: A security researcher from San Jose in California has published a how-to guide detailing a number of … more →
wrote 2 months ago: Do not rely on client side validations. When writing code for displaying information for some specif … more →
wrote 2 months ago: Authorization and Authentication are both important aspects to secure development. Come check out ou … more →
wrote 2 months ago: I’ve added the 2013BH tag to all posts related to my recent Blackhat EU talk – more post … more →
wrote 3 months ago: Hacking Google users with Google’s GooPass phishing attack – Hacking News. … more →
wrote 3 months ago: Security researcher Christy Philip Mathew has found CSRF and ClickJacking vulnerabilities in goo … more →
wrote 3 months ago: Time for another lesson I’ve been banging my head for days because of this particular bug of o … more →
wrote 3 months ago: This is about http://yamagata.int21h.jp/d/?date=20130302#p01. Actually, I had been thinking of something similar. Creating the abnormal state in which several cookies with the same name exist … more →
wrote 3 months ago: Regarding http://d.hatena.ne.jp/hasegawayosuke/20130302/p1: the advantage of not having to manage sessions on the server side is a big one, which is nice. Whether or not the user is logged in also … more →
wrote 4 months ago: Here is the simple Cookie Stealer code Version One: Cookie stored in File <?php $cookie = $HTTP_G … more →
wrote 4 months ago: Besides work being busy, I’m heads down ramping up my Blackhat EU talk, which is mostly about … more →
wrote 4 months ago: CSRF (Cross-Site Request Forgery) is an attack against a website “whereby unauthorized command … more →