Surf's Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation

Presented at The Next HOPE (2010), July 17, 2010, 4 p.m. (60 minutes).

Web application security has progressed by leaps and bounds since first being discussed in the early 2000s. XSS, SQLi, directory traversals, and other traditional attacks are becoming more widely understood by a greater demographic of developers. Unfortunately, we are just scratching the surface. There still exist a great number of attack vectors that are ignored. Cross Site Request Forgery is a prime example of this. It is a simple technique with powerful implications ranging from denial of service and firewall bypass to full-blown site compromise. The theory of CSRF will be presented here in simple-to-understand terms. An example of a virulent exploit of a real-world social networking site (Vampirefreaks.com) using CSRF will also be shown.

Presenters:

  • Daniel McCarney
    Daniel McCarney is a bizarre combination of stereotypes, backgrounds, and interests ranging from counterculture to artificial intelligence. Interested in a career of lifelong learning, Daniel considers knowledge a weapon and aims to arm you and himself.
