Your SlideShare is downloading. ×
Cross Site Request Forgery
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Cross Site Request Forgery


Published on

Talk on CSRF I gave at work that talks about CSRF, how to prevent it and how frameworks can make prevention nearly automatic.

Talk on CSRF I gave at work that talks about CSRF, how to prevent it and how frameworks can make prevention nearly automatic.

Published in: Technology

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • Transcript

    • 1.
        • Presented by Tony Bibbs
        • May 20, 2008
      Cross Site Request Forgeries
    • 2. Rasmus Lerdorf “ The Web is broken and it's all your fault.”
    • 3. “ There is no metric for compliance with a 'culture', and a 'culture of security' is overridden by a culture of 'get the job done' every time.” Jon Espenschied
    • 4. Common Coding Vulnerabilities
      • Injection Flaws (SQL, LDAP, XPath, etc)‏
      • Cross Site Scripting (XSS)‏
      • Cross Site Request Forgeries (CSRF)‏
      • Buffer Overflows
    • 5. CSRF Defined
      • Cross-site request forgery, also known as one click attack, sidejacking or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a type of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.
    • 6. “ Same Origin” Policy document, cookies XHR XHR TAG TAG JS
    • 7. How CSRF Works
      • GET requests are the easiest:
        • - Beware “src” and “href” attributes
      • POST aren't immune:
        • <body onload=”document.forms[0].submit()”>
        • <form method=”POST” action=”_url_”>
          • <input type=”hidden” name=”amount” value=”$1,000” />
        • </form>
    • 8. What Can a Hacker Do With CSRF?
      • Anything an authenticated user can do. Click links, submit forms, complete multi-step wizards.
      • Launch external attacks on Intranet sites.
      • No restrictions on same origin policy but are limited in that hackers can't read responses from other origins
    • 9. Trivial CSRF Exploit
    • 10. Exploiting Otherwise Secure Networks
    • 11. CSRF Prevention
      • Avoid Persistent Sessions
      • Use GET method properly
      • Token-based checks with TTL.
      • Double Authenticate via AJAX (read cookie via JS and submit in the body).
      • Code reviews.
    • 12. Framework-based Security
      • Framework implementations force security precautions.
      • PHP Examples: Flexy, Tainted Variables
      • CSRF prevention in PHP framework.
    • 13. CSRF Resources
      • CSRFGuard (Java, .NET and PHP)‏
      • CSRTTester
    • 14. Enterprise CSRF Mitigation
    • 15. Questions?
    • 16. Contacting Me
      • [email_address]
      • (515)281-6125
    • 17. Credits
      • Some material in this presentation is covered by the OWASP license, specifically work by Eric Sheridan
      • Any of my own contributions are also covered by the OWASP license which can be found at