Let's Go CSRF'n Now!

Presented at Notacon 10 (2013), April 20, 2013, 3 p.m. (60 minutes)

In a discussion focused on Cross Site Request Forgery (CSRF), explore the trust vulnerability and walk through a demonstration of the exploit in action. Understand how these attacks happen and what they look like from the perspective of both victim AND attacker. Walk away with a grasp on the security implications of this weakness as well as understanding why the attack is possible and what steps should be done to prevent it. This session is a 45 minute demo with a 15 minute Q&A after. It is an advanced technical session intended for technicians, engineers, and developers with interest in web application security.

Presenters:

• grap3_ap3
  A vulnerability researcher, penetration tester, and social engineer, I am a professional breaker. A parent, biker, and security professional, I find my skillset constantly adapting to the most current techniques. A penetration tester and vulnerability researcher based in Columbus, Ohio, I have performed security assessments for clients ranging from financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies, as well as international corporations. I focus on epitomizing the attackers in the wild in hopes of helping organizations and individuals understand how to avoid being victimized. My talks tend to be engaging, full of energy, and dynamic to meet the expectations of the audience.

Links:

• https://web.archive.org/web/20130531015208/http://www.notacon.org:80/event-information-2/speakers-and-presenters/#gr4p3ap3
• https://infocon.org/cons/notacon/notacon 10 - 2013/Let's Go CSRF'n Now - grap3 ap3.mp4

Similar Presentations:

• ToorCon San Diego 18 (2016) / CSRF in the Modern Age: Sidestepping the CORS Standard
• The Next HOPE (2010) / Surf's Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation
• DEF CON 16 (2008) / CSRF Bouncing†