CSRF classification v1, till 2010

This classification concerns the evolution of CSRF attacks up to 2010. It is not up to date, and your criticism is welcome. It is meant as an attachment to my B.Sc. thesis from 2010.
The thesis is presented to the
Department of Electrical Engineering and Information Sciences
of the Ruhr-University of Bochum
Chair of Network and Data Security
of the Ruhr-University of Bochum,
Horst-Görtz Institute,
Prof. Jörg Schwenk

  1. CSRF Classification

     Table 1: Classification of the CSRF attacking vector
     K. Deltchev, Krassen.Deltchev@rub.de

     • Classification
     • Implementation/parameters
     • Techniques
     • Extracting data
     • Adding or modifying data
     • Intent
     • Compromising Web Sites/Web Applications reputation
     • Compromising Internet transactions
     • Spam
     • Compromising Router/Firewall rules
     • Input Source
     • Same Origin attacks
     • Cross Origin Attacks
     • <img>-Tag
     • Logout-link
     • Static CSRF
     • Session riding
     • Token-manipulation
     • Techniques
     • <iframe>-Tag
     • <script>-Tag
     • XMLHttpRequest-Object
     • HTTP Redirect
     • HTTP Redirect
     • Dynamic CSRF HTML-based
     • Token fixation
     • Dynamic CSRF POST-based
     • Dynamic CSRF
     • Compounded CSRF
     • Samy-worm
     • Fast-fluxing
     • SQLIA
