[WEB SECURITY] CSRF Exploitability?
Rohit Pitke
rohirp92 at yahoo.com
Wed Apr 27 13:24:31 EDT 2011
Hello,
I always see some resistance from product teams to implement CSRF protection
with the argument that:
This attack requires too many prerequisites. User has to be logged in. Has to be
enticed to click on some link. Has to click on that link, etc.
I know that social engineering is prevalent and enticing is not a very remote
possibility.
But I want to know: how do you guys impart the importance of CSRF among your product
teams?
Are you aware of any exploitation method other than social engineering/link
enticing?
I am interested in knowing thoughts about this and not about technical details
of exploitation as I am aware of them.
Thanks,
Rohit Pitke