Article Archive

Application security April 21, 2011 Russ McRee
OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)
Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tools "automagically" discover CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices unless you have explicit permission to test remote applications per an approved penetration testing engagement....