Cross-Site Request Forgery – Web Site Attack

30 June 2011

The web is full of security vulnerabilities, and I'm going to describe some of them in my blog. Here's one that most developers are not aware of: it's called CSRF (Cross-Site Request Forgery). It's not a very common one, but it can easily be deadly. Unlike other security vulnerabilities, which usually exploit the fact that a user has some permissions on a specific site, this one depends on the simple fact that a site trusts a user's browser. Trusting the user's browser means that a web site will trust the browser's cookies without questioning the source of the...
