[WEB SECURITY] How are you tackling CSRF?

Jeremiah Grossman jeremiah at whitehatsec.com
Fri Apr 22 14:30:54 EDT 2011

Hi All,

Over the last year I've been noticing increased interest and awareness of Cross-Site Request Forgery (CSRF). A welcome change, as for most of the last decade few considered CSRF a vulnerability at all, but an artifact of the way the web was designed. But, as it normally happens, the bad guys have been showing us how damaging CSRF can really be.

To help bring more clarity we've recently published a detailed blog post describing how our testing methodology approaches CSRF. What we're interested in is how other pen-testers and developers are tackling the issue, because automated detection is currently of limited help.

WhiteHat Security’s Approach to Detecting Cross-Site Request Forgery (CSRF)

FYI: Several weeks ago we launched our new blog, where I'll be diverting all my web security material. We've been piling up new content: https://blog.whitehatsec.com/


Jeremiah Grossman
Chief Technology Officer
WhiteHat Security, Inc.
