Cross Site Request Forgery

Talk on CSRF I gave at work that talks about CSRF, how to prevent it and how frameworks can make prevention nearly automatic.

1. Cross Site Request Forgeries <ul><li>Presented by Tony Bibbs</li><li>May 20, 2008</li></ul>
2. Rasmus Lerdorf: “The Web is broken and it's all your fault.”
3. Jon Espenschied: “There is no metric for compliance with a 'culture', and a 'culture of security' is overridden by a culture of 'get the job done' every time.”
4. Common Coding Vulnerabilities <ul><li>Injection Flaws (SQL, LDAP, XPath, etc.)</li><li>Cross Site Scripting (XSS)</li><li>Cross Site Request Forgeries (CSRF)</li><li>Buffer Overflows</li></ul>
5. CSRF Defined <ul><li>Cross-site request forgery, also known as a one-click attack or session riding and abbreviated CSRF (pronounced “sea-surf”) or XSRF, is an attack in which a website is made to act on unauthorized commands transmitted from a user the website trusts. It has similarities to cross-site scripting (XSS), but XSS requires the attacker to inject code into the target site, whereas CSRF merely makes the victim's browser send a request that the target accepts because it arrives with the victim's credentials (session cookie, HTTP authentication).</li></ul>
6. “Same Origin” Policy (diagram: the bank.com and blog.net origins, the document and its cookies, and the XHR, TAG and JS paths between the two origins)
7. How CSRF Works <ul><li>GET requests are the easiest: beware “src” and “href” attributes. An image or link whose URL performs a state change makes the browser send that request, with the victim's cookies attached, as soon as the attacker's page renders.</li><li>POST isn't immune: a form of hidden fields, auto-submitted when the page loads, sends the same kind of request without any click:</li></ul>

```html
<body onload="document.forms[0].submit()">
  <form method="POST" action="_url_">
    <input type="hidden" name="amount" value="$1,000" />
  </form>
</body>
```
8. What Can a Hacker Do With CSRF? <ul><li>Anything an authenticated user can do: click links, submit forms, complete multi-step wizards.</li><li>Launch attacks from outside against intranet sites, because the victim's browser sits inside the network and carries the victim's intranet sessions.</li><li>The same-origin policy does not stop the forged request from being sent (the browser attaches the victim's cookies to it); it only prevents the attacker's page from reading the response from the other origin. CSRF is therefore a blind, write-only attack: the hacker can make things happen but cannot see the result.</li></ul>
9. Trivial CSRF Exploit
10. Exploiting Otherwise Secure Networks
11. CSRF Prevention <ul><li>Avoid persistent sessions: long-lived “remember me” cookies keep the victim authenticated at whatever moment the forged request arrives.</li><li>Use the GET method properly: GET must be safe and idempotent, so every state change goes through POST and cannot be triggered by a src or href attribute.</li><li>Token-based checks with a TTL: embed an unpredictable, per-session token in every form and reject any request that does not carry a valid, unexpired one. A page on another origin cannot read the token because of the same-origin policy.</li><li>Double authenticate via AJAX: read a cookie value with JavaScript, submit it in the request body, and compare the two server-side; a page on another origin cannot read the cookie. Caveat: this holds only while nobody but your site can set cookies for your domain (a compromised sibling subdomain breaks it).</li><li>Code reviews.</li></ul>
12. Framework-based Security <ul><li>Framework implementations force security precautions.</li><li>PHP examples: Flexy, tainted variables.</li><li>CSRF prevention in a PHP framework.</li></ul>
13. CSRF Resources <ul><li>OWASP CSRFGuard (Java, .NET and PHP)</li><li>OWASP CSRFTester</li></ul>
14. Enterprise CSRF Mitigation
15. Questions?
16. Contacting Me <ul><li>[email_address]</li><li>(515) 281-6125</li></ul>
17. Credits <ul><li>Some material in this presentation is covered by the OWASP license, specifically work by Eric Sheridan.</li><li>Any of my own contributions are also covered by the OWASP license, which can be found at http://www.owasp.org.</li></ul>