Cross Site Request Forgery

Last week I attended a web application security workshop presented by the SANS Institute. While a majority of the content was a review for me, I did learn about one type of attack I was not familiar with, the Cross Site Request Forgery (CSRF) attack. This type of attack, also known as session riding, has been around for a while and is really pretty simple.


Nathan - Great Post! CSRF has been on my list of things to research. I did not realize how easy it could be either. Thanks for the clear explanation!
# Posted By Jason Dean | 6/28/08 1:04 PM
Yeah, it's crazily simple to do - amazing so many web developers haven't heard of it and don't write their websites/applications to combat such an exploit
# Posted By Phil | 8/26/08 10:58 AM