[WEB SECURITY] CSRF Exploitability?

Rohit Pitke rohirp92 at yahoo.com
Wed Apr 27 13:24:31 EDT 2011


Hello,

I always see some resistance from product teams to implementing CSRF protection, 
with the argument that:

This attack requires too many prerequisites. The user has to be logged in. Has to be 
enticed to click on some link. Has to click on that link, etc. etc.

I know that social engineering is prevalent and enticing is not a very remote 
possibility.

But I want to know how you guys impart the importance of CSRF among your product 
teams?
Are you aware of any exploitation method other than social engineering/link 
enticing?

I am interested in knowing thoughts about this and not about technical details 
of exploitation as I am aware of them.

Thanks,
Rohit Pitke