CSRF - Penetration Test
#1

Interesting post on stack overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?
#2

(11-30-2018, 10:49 PM)dave friend Wrote: Interesting post on stack overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?

https://www.owasp.org/index.php/Cross-Si...mit_Cookie
#3

(11-30-2018, 11:17 PM)Paradinight Wrote:
(11-30-2018, 10:49 PM)dave friend Wrote: Interesting post on stack overflow. The OP is asking how to overcome the CSRF system flaw that testing has (supposedly) revealed.

I'm wondering if the assessment is valid. Thoughts?

https://www.owasp.org/index.php/Cross-Si...mit_Cookie

Yes, I read all the OWASP stuff again before posting and I recognize the CI scheme as being "double submit cookie".

What I'm uncertain of is whether the SO post has exposed a site that is not fully secured, or whether the CI scheme is what the Blackhat article calls a Naïve Double Submit.

Or maybe it's a case of the security team that the SO post is dealing with doesn't understand all they know?
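To make the distinction the thread is circling concrete, here is an added illustration (not code from the SO post, the OWASP page, or CodeIgniter, which is PHP) of the two double-submit variants side by side: the naive check only compares the cookie to the form field, so any cookie/field pair that matches passes, whatever its origin; the signed variant also binds the token to the session and to a server-side key, so a cookie the server never issued for that session is rejected. All names (SERVER_KEY, issue_*, check_*) and the session ids are constructed for the example.

```python
"""Double submit cookie CSRF checks: naive comparison beside a signed,
session-bound variant. Added example; not CodeIgniter's own implementation."""
import hashlib
import hmac
import secrets

# Hypothetical server-side key; a real deployment loads it from configuration.
SERVER_KEY = b"constructed-example-key-not-for-production"


def issue_naive_token():
    """Naive double submit: one random value goes into both a cookie and a hidden field."""
    token = secrets.token_hex(16)
    return {"cookie": token, "field": token}


def check_naive(cookie_value, field_value):
    """Naive check: accept whenever the cookie and the submitted field are equal.
    Nothing here proves the server issued the value, so the check is only as
    strong as the attacker's inability to set a cookie for the site."""
    if cookie_value is None or field_value is None:
        return False
    return hmac.compare_digest(cookie_value, field_value)


def sign_token(token, session_id):
    """Bind a token to the session and the server key with an HMAC."""
    msg = f"{session_id}:{token}".encode()
    mac = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{token}.{mac}"


def issue_signed_token(session_id):
    """Signed double submit: cookie and field both carry token.hmac."""
    signed = sign_token(secrets.token_hex(16), session_id)
    return {"cookie": signed, "field": signed}


def check_signed(cookie_value, field_value, session_id):
    """Signed check: equality plus a valid HMAC for this session and key."""
    if cookie_value is None or field_value is None:
        return False
    if not hmac.compare_digest(cookie_value, field_value):
        return False
    token, sep, _mac = cookie_value.partition(".")
    if not sep:
        return False  # no signature present at all
    expected = sign_token(token, session_id)
    return hmac.compare_digest(cookie_value, expected)


def demo():
    """Return the outcomes a reviewer would want to see for each variant."""
    naive = issue_naive_token()
    signed = issue_signed_token("session-A")
    return {
        # legitimate submissions pass under both schemes
        "naive_legit": check_naive(naive["cookie"], naive["field"]),
        "signed_legit": check_signed(signed["cookie"], signed["field"], "session-A"),
        # a matching pair the server never issued: naive accepts, signed rejects
        "naive_unissued": check_naive("unissued", "unissued"),
        "signed_unissued": check_signed("unissued", "unissued", "session-A"),
        # a valid token replayed against a different session is rejected
        "signed_wrong_session": check_signed(signed["cookie"], signed["field"], "session-B"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The point for the thread's question is the `naive_unissued` line: a scheme that only compares the two values has no way to tell an issued token from an arbitrary one, which is exactly the gap the signed variant closes by checking the HMAC before trusting equality.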




Theme © iAndrew 2016 - Forum software by © MyBB