Russ McRee

Russ McRee is a senior security analyst, researcher, and founder of, where he advocates a holistic approach to the practice of information assurance. He is also a security researcher for InfoSec Institute.

His predominant focuses are incident response and web application security; he does both as team leader of Microsoft Online Service’s Security Incident Management team.

Russ speaks and writes frequently on information security topics, including toolsmith, a monthly column for the ISSA Journal.

IBM’s ISS X-Force cited him as 6th among the Top Vulnerability Discoverers of 2009.

Application security April 21, 2011 Russ McRee

OWASP Top 10 Deeper Dive – A5: Cross-Site Request Forgery (CSRF)

Description: Parsing the OWASP Top Ten with a closer look at Cross-Site Request Forgery (CSRF). No freely available or open source tool "automagically" discovers CSRF vulnerabilities; you have to step through the app as described above and test against locally installed vulnerable applications and devices, unless you have explicit permission to test remote applications per an approved penetration testing engagement.