[WEB SECURITY] what is this attack called?

Brian Eaton eaton.lists at gmail.com
Mon Dec 19 19:27:03 EST 2005


On 12/19/05, Martin Straka <straka at fido.cz> wrote:
> This is Cross Site Request Forgery attack aka CSRF.
>
> > Anybody have links to further information on this kind of attack?
>
> http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00216.html
> http://wikipedia.org/wiki/Cross-Site_Request_Forgery
> http://www.securenet.de/papers/Session_Riding.pdf
> http://shiflett.org/archive/90
> http://www.squarefree.com/securitytips/web-developers.html#CSRF

Yes, this is just what I was looking for.  Thanks.

- Brian

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list