CSRF - Penetration Test
(11-30-2018, 11:17 PM)Paradinight Wrote: (11-30-2018, 10:49 PM)dave friend Wrote: Interesting post on Stack Overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed. Yes, I read all the OWASP stuff again before posting and I recognize the CI scheme as being "double submit cookie". What I'm uncertain of is if the SO post has exposed a site that is not fully secured or is the CI scheme what the Blackhat article calls a Naïve Double Submit? Or maybe it's a case of the security team that the SO post is dealing with doesn't understand all they know?
Messages In This Thread
CSRF - Penetration Test - by dave friend - 11-30-2018, 10:49 PM
RE: CSRF - Penetration Test - by Paradinight - 11-30-2018, 11:17 PM
RE: CSRF - Penetration Test - by dave friend - 12-02-2018, 09:32 AM