Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) is an extremely popular attack vector. Outside attackers often use it to perform transactions on corporate intranet applications that are not accessible externally. CSRF takes advantage of the vulnerable application’s inability to distinguish legitimate transaction requests against requests from the victim’s browser that are a result of malicious client-side code. As with XSS, the scope of this chapter is beyond simple CSRF tactics. This section assumes the reader is familiar with the concept of CSRF. The goal of this section is to illustrate how sophisticated attackers can combine CSRF and other attacks to maximize exploitation.
Note
To gather some elementary knowledge about CSRF, visit http://www.owasp.org/index.php/CSRF.
Inside-Out Attacks
Attacking internal network resources from the outside adds a bit of complexity and typically changes an attacker’s attack landscape. Attacks against internal resources are often targeted toward large corporations with large numbers of network devices and enterprise software that create a target-rich environment for the attacker. In this section, we’ll discuss a scenario in which the attacker is able to remotely manipulate an internal employee’s web browser to attack the internal resources of a large corporation.
The typical internal corporate web application is protected from access from attackers on the Internet by the use of corporate firewalls. The basic illustration in Figure 2-6 ...
Get Hacking: The Next Generation now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
