Wednesday, August 12, 2009

Dynamic Cross-Site Request Forgery (CSRF) White Paper

This is the white paper on Dynamic Cross-Site Request Forgery. This attack was covered by Nathan Hamiel and Shawn Moyer at Black Hat US 2009 and Defcon 17. This paper outlines the issue and gives a couple of examples of attacks using the Dynamic CSRF vector.

Download PDF

see also http://www.neohaxor.org/2009/08/11/dynamic-cross-site-request-forgery/

No comments: