June 2017
Intermediate to advanced
338 pages
8h 28m
English
CSRF attacks (sometimes pronounced sea-surf) hide the actual intent of a referred action and bury it in a forged request. The user wants to believe the page as-rendered (because hey, it came from my trusted web app!) and thus has no reason to investigate the underlying hidden fields or requested actions buried into the body or header, which in fact launch a malicious action against the server. Through these attacks, hackers can have users unwittingly launch the attacks on the server with the benefit of using their authenticated session as a Trojan Horse of sorts.
Scanning for the potential existence of a CSRF vulnerability is included in the scanning and spidering functions of most proxy scanner--Burp Suite, ...
Read now
Unlock full access