November 2014
Intermediate to advanced
144 pages
3h 6m
English
CSRF proof of concept (PoC) Generator is the most useful nonessential tool provided by the Pro version of Burp Suite. This simply takes any request and automatically writes the HTML code for doing a PoC for cross-site request forgery.
Cross-site request forgery is mentioned in the OWASP top-10 risks applications face. Any security testing of a web application without checking for CSRF defenses is incomplete. Burp Suite does the grunt work of generating a PoC HTML page that can be used by the tester to see whether the application checks for CSRF defenses, such as a valid token.
All we have to do is choose a HTTP request, right-click on it, and navigate to Engagement tools | Generate CSRF PoC.
The ideal candidate ...
Read now
Unlock full access