Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
7Activity
0 of .
Results for:
No results containing your search query
P. 1
PHP Security Crash Course - 3 - CSRF

PHP Security Crash Course - 3 - CSRF

Ratings:

4.5

(2)
|Views: 428|Likes:
Published by kaplumb_aga
Stefan Esser's "PHP Security Crash Course - 3- CSRF" slides from Dutch PHP Conference 2009
Stefan Esser's "PHP Security Crash Course - 3- CSRF" slides from Dutch PHP Conference 2009

More info:

Published by: kaplumb_aga on Aug 06, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

06/10/2013

pdf

text

original

Stefan Esser \u2022 PHP Security Crash Course at Dutch PHP Conference 2009 \u2022 June 2009 \u2022
Part III
Cross Site Request Forgery (CSRF / XSRF)
1
Stefan Esser \u2022 PHP Security Crash Course at Dutch PHP Conference 2009 \u2022 June 2009 \u2022
What is Cross Site Request Forgery?
\u2022quite unknown class of attack on web applications with
potential high damage potential
\u2022abuses the trust of a web application in the victim\u2018s
browser
2
Stefan Esser \u2022 PHP Security Crash Course at Dutch PHP Conference 2009 \u2022 June 2009 \u2022
\u201eBlind\u201c Browser Trust (I)
\u2022Classic web applications trust the security features of
other layers to ensure the origin of a HTTP request

\u2022TCP/IP / IPSEC / VPN
\u2022SSL
\u2022Session Cookies

\u2022All these features ensure that a HTTP Request can be
assigned to a browser session
3

Activity (7)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
quit_you liked this
Shahbaz Ashraf liked this
jay_esh liked this
absolut4466 liked this
dnayak1 liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->