[WEB SECURITY] CSRF Help

Neil Daswani daswani at cs.stanford.edu
Sat Jun 7 16:20:16 EDT 2008


There are lots of sources both on the web and off that explain how
CSRF works.  Following are two:

* Prof. John Mitchell from Stanford provides a verbal + slide
explanation of how regular and login CSRF work (with a code example)
in the May 14th, 2008 archived webinar at:

http://scpd.stanford.edu/scpd/courses/ProEd/CompSecCampus/

It also illustrates how CSRF is used to conduct pharming attacks.

(Just click "View FREE archived webinars!")

* Christoph Kern wrote up a running code example on CSRF/XSRF (with
mitigation strategies) for our book as part of the chapter on
cross-domain attacks, and you can access it at:

http://tinyurl.com/3pcnv6

(The URL above points directly to the relevant section, but you may
need to read a few of the preceding pages to get the context.)

Hope that helps!

-- Neil
http://www.neildaswani.com


On Fri, Jun 6, 2008 at 10:59 PM, GsNaseer Gs <gsnas29 at yahoo.co.in> wrote:
>
> Hi,
>
> Can anybody explain to me how CSRF works (with some code example)?
>
> Thanks
>


--
Sincerely,

-- Neil
http://www.neildaswani.com

My book, "Foundations of Security: What Every Programmer Needs To
Know" is available at http://tinyurl.com/33xs6g
