RE: [WEB SECURITY] automated source code tool for CSRF attacks?

From: Belles, Mark (Kansas City) <Mark.Belles_at_nospam>
Date: Mon Feb 25 2008 - 15:49:15 GMT
To: "Andre Gironda" <andreg@gmail.com>, "WASC Forum" <websecurity@webappsec.org>

I've still got the source code. I'll see if I can track it down and get it to Arian for reposting. It certainly was an interesting project.

> I'm not waxing philosophical here. I'm speaking from over a
> decade of hard-earned experience. Mark Belles and I created
> a WAF to do this far more elegantly than the CSRF Guard
> project years ago, and subsequently learned the ways
> tokens do not work.

How does it work (if you can remember and discuss)?

Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/

Subscribe via RSS:
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

This message: [ Message body ]
Next message: Schmidt, Albert E: "[WEB SECURITY] Scanners that look for sensitive information"
Previous message: Andre Gironda: "Re: [WEB SECURITY] Certification for web application security professionals"
In reply to: Andre Gironda: "Re: [WEB SECURITY] automated source code tool for CSRF attacks?"
Next in thread: Chris Weber (Casaba Security): "Re: [WEB SECURITY] automated source code tool for CSRF attacks?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]