csrf | Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky

csrf defenses at app sec usa

Jeanne Boyarsky — Thu, 21 Nov 2013 20:08:46 +0000

speaker: Ari Elias-Bachrach Overview Most defenses work 80% of the time. Does your app fall into the 80%? CSRF sometimes pronounced c-surf CSRF attack uses browser to perform action without user consent Vulnerable if all params predictable. Then can put … Continue reading →

The post csrf defenses at app sec usa first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

csrf defenses at app sec usa was first posted on November 21, 2013 at 3:08 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

csrf for JForum without javascript

Jeanne Boyarsky — Sat, 23 Mar 2013 16:03:54 +0000

In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF. In included; Analysis Extending OWASP Problems Remaining problems Unfortunately, there were three remaining problems. Some mobile devices weren’t able to handle … Continue reading →

The post csrf for JForum without javascript first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

csrf for JForum without javascript was first posted on March 23, 2013 at 12:03 pm.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

fixing csrf for jforum and csrf filter analysis (part 1)

Jeanne Boyarsky — Sat, 09 Feb 2013 15:50:01 +0000

This post goes through how we fixed CSRF (cross site request forgery) in JForum, issues encountered and approach. It is useful reading for anyone who needs to protect against CSRF on their website. Background Stock JForum has a number of … Continue reading →

The post fixing csrf for jforum and csrf filter analysis (part 1) first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

fixing csrf for jforum and csrf filter analysis (part 1) was first posted on February 9, 2013 at 10:50 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

csrf – jforum cleanup and problems

Jeanne Boyarsky — Sat, 09 Feb 2013 15:47:26 +0000

See part 1 for how we got here and part 2 for how we changed the OWASP filter. Code cleanup and problems There is some poorly written code in JForum that CSRF now prevents from working. In these cases, I needed … Continue reading →

The post csrf – jforum cleanup and problems first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

csrf – jforum cleanup and problems was first posted on February 9, 2013 at 10:47 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net

csrf – extending the owasp solution and “interesting” IE javascript bugs (part 2)

Jeanne Boyarsky — Sat, 09 Feb 2013 15:34:59 +0000

While implementing CSRF for JForum, I needed to extend the OWASP solution. Let me tell you, they don’t make it easy to extend. Lots of final. Here’s what I did – linked to code on github. To read about the … Continue reading →

The post csrf – extending the owasp solution and “interesting” IE javascript bugs (part 2) first appeared on Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky.

csrf – extending the owasp solution and “interesting” IE javascript bugs (part 2) was first posted on February 9, 2013 at 10:34 am.
©2019 "Down Home Country Coding With Scott Selikoff and Jeanne Boyarsky". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at scott@selikoff.net