Cross Site Request Forgery

Last week I attended a web application security workshop presented by the SANS Institute. While a majority of the content was a review for me, I did learn about one type of attack I was not familiar with, the Cross Site Request Forgery (CSRF) attack. This type of attack, also known as session riding, has been around for a while and is really pretty simple.


Comments
Nathan - Great Post! CSRF has been on my list of things to research. I did not realize how easy it could be either. Thanks for the clear explanation!
# Posted By Jason Dean | 6/28/08 1:04 PM
Yeah, it's crazily simple to do - amazing so many web developers haven't heard of it and don't write their websites/applications to combat such an exploit
# Posted By Phil | 8/26/08 10:58 AM