CSRF Web Vulnerabilities – Nikita Makeyev
Uploaded by Luna Web
Submitted for BarCamp Memphis 2010.
Slide text (extracted fragments, in deck order):

performs an action upon a POST request but doesn't differentiate between POST
a server action request and includes it as a src of an image or a script on a bunch of
https://www.mybank.com/account.php
logs in and then happens to visit one of
https://www.mybank.com/account.php
every day and attempts to use the forgot

Preconditions:
- Site relying on user identity
- Attacker able to find a form submission or a URL that performs action

Impact:
- No damage ceiling
- The attack is silent
- Easily mountable

Mitigations mentioned:
- Only use POST to initiate actions
- Checking the HTTP Referer header
Editor's Notes
ASK: how many freelancers? ASK: How many business owners?