Blog Posts Tagged with "CSRF"

Five Rules to Conduct a Successful Cybersecurity RFP

February 16, 2016 Added by: Ilia Kolochenko

It becomes more and more difficult to distinguish genuine security companies, with solid in-house technologies, and experts with flashy marketing and FUD (Fear, Uncertainty, Doubt) tactics. This makes the process of cybersecurity RFP (Request For Proposal) more complicated and challenging for organizations of all sizes.

Comments  (0)

OWASP Vulnerability Deep Dive: CSRF

October 30, 2013 Added by: Kyle Adams

While OWASP has been around for a long time, and many security experts are aware of their top 10 web vulnerability report, I thought it would be beneficial to elaborate and share a bit more color on each one. This blog series will focus on some of the most common web attack vectors, how they are exploited, some examples, and finally how to prevent the exploit on your own applications.

Comments  (0)

OpenX CSRF Vulnerability Being Actively Exploited

April 30, 2012 Added by: Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)

Malicious Exploits: Hitting the Internet Waves with CSRF Part 2

March 27, 2012 Added by: Brent Huston

Using the HTTP-specified usage for GET and POST, in which GET requests never have a permanent effect, while good practice, is not sufficient to prevent CSRF. Attackers can write JavaScript or ActionScript that invisibly submits a POST form to the target domain...

Comments  (0)

Malicious Exploits: Hitting the Internet Waves with CSRF

March 13, 2012 Added by: Brent Huston

DHS ranks the CSRF vulnerability as the 909th most dangerous software bug, more dangerous than most buffer overflows. CSRF vulnerabilities can result in remote code execution with root privileges or compromise root certificates, completely undermining a public key infrastructure...

Comments  (0)

ICS-CERT: Advantech Webaccess Multiple Vulnerabilities

February 17, 2012 Added by: Headlines

ICS-CERT received reports of eighteen vulnerabilities in BroadWin WebAccess. These vulnerabilities include cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF) and authentication issues. Public exploits are known to target these vulnerabilities...

Comments  (0)

Dynamic AJAX CSRF Attack Vector Vulnerability

January 09, 2012 Added by: Shay Chen

Many CSRF prevention mechanisms protect the user by requiring session-specific tokens or custom headers as additional input for action performing modules, and since "normal" CSRF can't analyze responses, these mechanisms prevent most of these attacks - until now...

Comments  (0)