Neil Daswani daswani at cs.stanford.edu
Sat Jun 7 16:20:16 EDT 2008

There are lots of sources both on the web and off that explain how
CSRF works.  Following are two:

* Prof. John Mitchell from Stanford provides a verbal + slide
explanation of how regular and login CSRF work (with a code example)
in the May 14th, 2008 archived webinar at:


It also illustrates how CSRF is used to conduct pharming attacks.

(Just click "View FREE archived webinars!")

* Christoph Kern wrote up a running code example on CSRF/XSRF (with
mitigation strategies) for our book as part of the chapter on
cross-domain attacks, and you can access it at:


(The URL above points directly to the relevant section, but you may
need to read a few of the preceding pages to get the context.)

Hope that helps!

-- Neil

On Fri, Jun 6, 2008 at 10:59 PM, GsNaseer Gs <gsnas29 at yahoo.co.in> wrote:
> Hi,
> Can anybody explain to me how CSRF works (with some code example)?
> Thanks


-- Neil

My book, "Foundations of Security: What Every Programmer Needs To
Know" is available at http://tinyurl.com/33xs6g
