[WEB SECURITY] CSRF Exploitability?
rohirp92 at yahoo.com
Wed Apr 27 13:24:31 EDT 2011
I always see some resistance from product teams to implement CSRF protection
with the argument that
This attack requires too many prerequisites. User has to be logged in. Has to be
enticed to click on some link. Has to click on that link etc. etc.
I know that social engineering is prevalent and enticing is not very remote
But want to know how do you guys impart importance of CSRF among your product
Are you aware of any exploitation method other than social engineering/link
I am interested in knowing thoughts about this and not about technical details
of exploitation as I am aware of them.