CSRF - Penetration Test

#1
Interesting post on Stack Overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?

#2
(11-30-2018, 11:49 PM)dave friend Wrote: Interesting post on Stack Overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?

https://www.owasp.org/index.php/Cross-Si...mit_Cookie

#3
(12-01-2018, 12:17 AM)Paradinight Wrote:
(11-30-2018, 11:49 PM)dave friend Wrote: Interesting post on Stack Overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?

https://www.owasp.org/index.php/Cross-Si...mit_Cookie

Yes, I read all the OWASP stuff again before posting and I recognize the CI scheme as being "double submit cookie".

What I'm uncertain of is if the SO post has exposed a site that is not fully secured or is the CI scheme what the Blackhat article calls a Naïve Double Submit?

Or maybe it's a case of the security team that the SO post is dealing with doesn't understand all they know?
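
The distinction post #3 asks about, shown as an added example that is not part of the thread and not any framework's own code: a naive double-submit check only compares the cookie with the submitted field, while a signed variant also verifies an HMAC that binds the token to the session. `SERVER_KEY`, the `mac.nonce` token layout and the session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}!{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def naive_check(cookie_token: str, form_token: str) -> bool:
    """Naive double submit: accept whenever the two copies are equal.
    The server never proves that it issued the value."""
    return bool(cookie_token) and _same(cookie_token, form_token)


def issue_signed_token(session_id: str) -> str:
    """Signed double submit: random nonce plus an HMAC over session id and nonce."""
    nonce = secrets.token_hex(16)
    return f"{_mac(session_id, nonce)}.{nonce}"


def signed_check(session_id: str, cookie_token: str, form_token: str) -> bool:
    """Accept only if both copies match and the HMAC verifies for this session."""
    if not cookie_token or not _same(cookie_token, form_token):
        return False
    mac, sep, nonce = cookie_token.partition(".")
    if not sep:
        return False
    return _same(mac, _mac(session_id, nonce))


if __name__ == "__main__":
    planted = "planted-value"  # constructed: a matching pair the server never issued
    token = issue_signed_token("sess-A")
    print("naive, planted pair:   ", naive_check(planted, planted))
    print("signed, planted pair:  ", signed_check("sess-A", planted, planted))
    print("signed, own session:   ", signed_check("sess-A", token, token))
    print("signed, other session: ", signed_check("sess-B", token, token))
```
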

