Overview:

Cross-Site Request Forgery (CSRF) is a widely exploited web site vulnerability. This paper presents a new variation on CSRF attacks, login CSRF, in which the attacker forges a cross-site request to the login form, logging the victim into the honest web site as the attacker. The severity of a login CSRF vulnerability varies by site, but it can be as severe as a cross-site scripting vulnerability. The paper details three major CSRF defense techniques and finds shortcomings in each. Its observations suggest, however, that the Referer header can be used today as a reliable CSRF defense over HTTPS, making it particularly well suited to defending against login CSRF. It also proposes that browsers implement the Origin header, which provides the security benefits of the Referer header while addressing its privacy concerns.


Format: PDF
Size: 3,023 KB
Date: Oct 2008
Pages: 13