Nytro

DEFCON 17: CSRF: Yeah, It Still Works

Posted

Speakers:

Mike "mckt" Bailey ASS

Russ McRee ASS

Bad News: CSRF is nasty, it's everywhere, and you can't stop it on the client side.

Good News: It can do neat things.

CSRF is likely amongst the lamest security bugs available, as far as "cool" bugs go.

In essence, the attack forces another user's browser to do something on your behalf.

If that user is an authenticated user or an administrator on a website, the attack can be used to escalate privilege.

We've identified an endless stream of applications, platforms, critical infrastructure devices, and even wormable hybrid attacks, many of which require little or no JavaScript (XSS).

The key takeaway is this: a vulnerability that is so easily prevented can lead to absolute mayhem, particularly when bundled with other attacks. Worse still, identifying the attacker is even more difficult as the attack occurs in the context of the authenticated user.

The presentation will discuss a variety of attack scenarios, as well as suggested mitigation.

For more information visit: DEFCON
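The abstract says the bug is easily prevented on the server; the following is an added example (not code from the talk or from this post) showing a state-changing handler that trusts only the session cookie next to a hardened version that also checks the request method, the browser-set Origin/Referer header and a per-session synchronizer token. The site origin, handler names and request dictionaries are constructed for the demo.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ALLOWED_ORIGIN = "https://bank.example"  # constructed site origin for the demo

def vulnerable_transfer(request, session):
    """Checks only that a session exists: any page that can make the
    victim's browser send this request (cookie attached) succeeds."""
    if not session.get("user"):
        return 401, "not logged in"
    return 200, f"moved {request['form']['amount']} to {request['form']['to']}"

def issue_csrf_token(session):
    """Synchronizer token: random, kept server-side in the session and
    echoed into the site's own forms; a cross-site page cannot read it."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]

def request_origin(headers):
    """Normalise Origin (or Referer as fallback) to scheme://host[:port]."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return None  # strict: treat a missing header as untrusted
    parts = urlsplit(src)
    return f"{parts.scheme}://{parts.netloc}"

def hardened_transfer(request, session):
    if not session.get("user"):
        return 401, "not logged in"
    if request["method"] != "POST":
        return 405, "state changes require POST"
    if request_origin(request["headers"]) != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    sent = request["form"].get("csrf_token", "")
    expected = session.get("csrf", "")
    # Constant-time comparison so the check is not a timing oracle.
    if not expected or not hmac.compare_digest(sent, expected):
        return 403, "missing or invalid CSRF token"
    return 200, f"moved {request['form']['amount']} to {request['form']['to']}"

def demo():
    session = {"user": "alice"}
    token = issue_csrf_token(session)
    # Constructed cross-site request: the cookie rides along, but the other
    # site can neither set Origin to ours nor learn the token.
    forged = {"method": "POST", "headers": {"Origin": "https://evil.example"},
              "form": {"amount": "1000", "to": "mallory"}}
    legit = {"method": "POST", "headers": {"Origin": ALLOWED_ORIGIN},
             "form": {"amount": "50", "to": "bob", "csrf_token": token}}
    return (vulnerable_transfer(forged, session)[0],
            hardened_transfer(forged, session)[0],
            hardened_transfer(legit, session)[0])  # (200, 403, 200)
```

Setting the session cookie with SameSite=Lax or Strict adds a browser-side layer, but the abstract's point stands: the server-side token and origin checks are what actually stop the forged request.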
