The problem: CSRF.
Jeremiah Grossman's explanation of the problem at RSA 08 :
http://www.slideshare.net/guestdb261a/csrfrsa2008jeremiahgrossman-349028/
OWASP CSRF Overview:
http://www.owasp.org/index.php/CSRF
Testing for CSRF:
http://www.owasp.org/index.php/CSRFTester
Java Filter for CSRF Protection:
http://www.owasp.org/index.php/CSRF_Guard
Java ESAPI Defense:
org.owasp.esapi.HTTPUtilities.addCSRFToken(String href)
Plaform's with built-in CSRF defense:
Drupal.org
Saturday, April 12, 2008
Monday, April 7, 2008
ha.ckers.org pwnd?
It's strange and disheartening to see ha.ckers.org "down" this evening. I hope it's only unscheduled maintenance. I would hate to see the pwnders get pwnd!
Another interesting note: ha.ckers.org uses Wordpress? Ewwwwwwwwwwwwwwwwwww
Another interesting note: ha.ckers.org uses Wordpress? Ewwwwwwwwwwwwwwwwwww
Subscribe to:
Posts (Atom)