One of the most interesting (in other words, “dangerous”) vulnerabilities that almost every existing web application falls victim to is cross-site request forgery (CSRF – “sea-surf”). CSRF is a type of malicious attack vector whereby unauthorized commands are transmitted from a user that the website trusts. It is an example of the confused deputy problem. This is different than the widely-known cross-site scripting (XSS) in that CSRF exploits the trust that a site has in the user’s browser, and XSS exploits the trust a user has for a particular web site.
Categories
Archives
Recent Posts
- Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- Now available: Unix and Linux System Administration Handbook, 4th edition
- The Barking Seal Q3 2010 is Here and Filled with Goodies!
- A Gentle Infrastructure Monitoring Reminder
- AppliedTrust Goes Drupal!
- Information Security and Running, Long Lost Brothers?
- An IT lesson from the BP disaster
- AppliedTrust sponsors “Laps for Learning”
- AppliedTrust featured on One Day, One Job!
- issues.apache.org compromised by XSS vulnerability
Recent Comments
- Big D on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- trent on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- Big D on Slow network performance for Windows Server 2008 guest on vmware ESXi 4.1
- The Barking Seal » Blog Archive » A Gentle Infrastructure Monitoring Reminder on Interpreting Packet Traces with Wireshark (Part 1 of n)
- Drew on An IT lesson from the BP disaster
- GKhamait on Monitoring site-to-site VPNs on a Cisco ASA
- Onthebus on MS SQL Mirroring for High Availability
- casandpoint on Encrypted Storage in the Cloud
- Ben Edelen on issues.apache.org compromised by XSS vulnerability
- dan on Social Engineering, Part Two