Saturday, October 16, 2010

Automated detection of CSRF-worthy HTML forms through 4-pass reverse-Diff analysis

In general, the majority of vulnerability detection techniques depend on fairly simple injections of strings and subsequent blind pattern matching of the body of the induced HTTP response. These vulnerabilities include, but are not limited to, XSS, SQL Injection and File Inclusion, which require no awareness of context but only straightforward brute force. However, there are types of vulnerabilities, such as Blind SQL Injection and Cross-Site Request Forgery (CSRF or XSRF), that do require a certain awareness of the context in which the audit and discovery occur. In the case of CSRF even this is not enough: CSRF, due to its abstract nature, covers a great range of scenarios, most of them completely benign. Thus, automated CSRF detection traditionally creates a great deal of noise. This paper demonstrates a fairly simple technique, dubbed "4-pass rDiff CSRF detection", intended to diminish such noise by easing the process of context establishment, i.e. by allowing Web Application Security Scanners to determine which HTML Form elements are worthy of being reported as vulnerable to CSRF.
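To make the context-establishment idea concrete, here is an added illustration (not the paper's code, and not the four-pass procedure itself, which this abstract does not describe): the same URL is fetched once with a logged-in session and once without, the form inventories of the two responses are diffed, and only the forms that exist solely in the session-bound response, use a state-changing method, and carry no anti-CSRF token field are reported. The two HTML bodies and the token field-name heuristic are constructed assumptions for the example.

```python
"""Session-diff triage of HTML forms for CSRF reporting (added example).

Assumptions (not from the paper): two HTML bodies for one URL, one fetched
with an authenticated session and one anonymously, are available as strings;
an anti-CSRF token is recognised purely by a field-name heuristic.
"""
import re
from html.parser import HTMLParser

# Heuristic: field names that usually denote an anti-CSRF token (assumption).
TOKEN_NAME_RE = re.compile(r"(csrf|xsrf|nonce|token|authenticity)", re.I)


class FormCollector(HTMLParser):
    """Collects each <form> with its action, method and named fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action", ""),
                "method": (a.get("method") or "get").lower(),
                "fields": [],
            }
        elif tag in ("input", "select", "textarea") and self._current is not None:
            name = a.get("name")
            if name:  # unnamed controls (e.g. bare submit buttons) are not submitted
                self._current["fields"].append((name, (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "form" and self._current is not None:
            self.forms.append(self._current)
            self._current = None


def parse_forms(html):
    parser = FormCollector()
    parser.feed(html)
    return parser.forms


def form_signature(form):
    """Identity of a form across the two fetches: action, method, field names.
    Field values are ignored so a rotating token does not break the match."""
    return (form["action"], form["method"], tuple(sorted(n for n, _ in form["fields"])))


def has_token(form):
    return any(TOKEN_NAME_RE.search(name) for name, _ in form["fields"])


def csrf_candidates(auth_html, anon_html):
    """Return the actions of forms worth reporting: present only in the
    authenticated response, state-changing (POST), and without a token."""
    anon_signatures = {form_signature(f) for f in parse_forms(anon_html)}
    reported = []
    for form in parse_forms(auth_html):
        if form_signature(form) in anon_signatures:
            continue  # reachable without a session: not bound to the victim's context
        if form["method"] != "post":
            continue  # GET forms (search, navigation) are treated as non-state-changing
        if has_token(form):
            continue  # already carries an anti-CSRF token field
        reported.append(form["action"])
    return reported


# Constructed sample responses for the same page, logged in and anonymous.
AUTH_HTML = """
<form action="/search" method="get"><input name="q"></form>
<form action="/account/email" method="post">
  <input name="email" type="email"><input type="submit" value="Save">
</form>
<form action="/account/password" method="post">
  <input name="csrf_token" type="hidden" value="constructed-token">
  <input name="new_password" type="password">
</form>
"""

ANON_HTML = """
<form action="/search" method="get"><input name="q"></form>
<form action="/login" method="post"><input name="user"><input name="pass" type="password"></form>
"""

if __name__ == "__main__":
    # Only the token-less, session-only POST form is reported.
    print(csrf_candidates(AUTH_HTML, ANON_HTML))  # ['/account/email']
```

The search form is dropped because it also appears anonymously, and the password form is dropped because it already carries a token-like hidden field; the login form never enters consideration because it is not part of the authenticated response. Matching on a signature that ignores field values is what keeps a per-request token from making the protected form look "new" in every pass.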

Download PDF
