[WEB SECURITY] On Session Riding, Client-side Trojans and Cross-site Request Forgeries

Sverre H. Huseby shh at thathost.com
Wed May 4 15:54:11 EDT 2005

[Bill Pennington]

|   Just because it is everywhere does not mean it is not horribly
|   broken :-)


|   Developers do look at these things the "wrong" way all the time.

Very true.

|   For sure Insufficient Authorization is a big nasty bucket where a
|   lot of stuff ends up in. I would not be opposed to breaking it
|   into a few smaller chunks.

That would be an interesting, probably long-lasting exercise.  Does
anyone have the time it takes to dig into it?


shh at thathost.com               My web security book: Innocent Code
http://shh.thathost.com/       http://innocentcode.thathost.com/

The Web Security Mailing List

More information about the websecurity mailing list