WebApp Sec mailing list archives
Re: blocking CSRF attacks
From: "Sverre H. Huseby" <shh-ml () thathost com>
Date: Sat, 15 Dec 2007 18:48:48 +0100
[Sorry for not replying to the original post, but I lost it.]

I wrote this six years ago:

http://shh.thathost.com/text/client-side-trojans.txt

The history of CSRF is quite long, and the problem has been given several names (not sure if the links still work, as this is a list I made a couple of years ago):

* May 2000: Jim Fulton writes about it on zope.org
  http://www.zope.org/Members/jim/ZopeSecurity/ClientSideTrojan
  Name: Client-side Trojan

* May 2000: Referenced on Linux Weekly News
  http://lwn.net/2000/features/Redirect.php3

* May 2000: Referenced on kuro5hin.org, including demo of having people post messages to slashdot.
  http://www.kuro5hin.org/story/2000/5/9/183550/1910

* June 2001: Peter W describes it on BugTraq
  http://www.securityfocus.com/archive/1/191390
  Name: Cross-Site Request Forgeries

* December 2004: Thomas Schreiber writes about it on webappsec
  http://www.securityfocus.com/archive/107/384630
  Name: Session Riding

Sverre.