List of videos related to "CSRF"
Cross Site Request Forgery (CSRF) Cross Site Request Forgery is an attack which results in a request being submitted on the user's behalf without their consent. 2010-04-23, views: 6155
Part I: CSRF security flaw on Facebook | How to build a silent CSRF worm Multiple vulnerabilities have been discovered in Facebook by our team, and this part shows a possible exploitation of a CSRF security flaw on the social network. We created a silent CSRF worm that is able to catch any user's information (private photos, wall, etc). It also ensures its own replication. Part II: XSS security flaws on Facebook www.youtube.com Follow us on twitter: @johnjean www.wargan.com 2010-10-03, views: 4367
Cross-Site Request Forgery (CSRF) Quick Overview www.aachen-method.com Check it out and sign up! 2009-03-10, views: 7548
DEFCON 17: CSRF: Yeah, It Still Works Speakers: Mike "mckt" Bailey ASS Russ McRee ASS Bad News: CSRF is nasty, it's everywhere, and you can't stop it on the client side. Good News: It can do neat things. CSRF is likely amongst the lamest security bugs available, as far as "cool" bugs go. In essence, the attack forces another user's browser to do something on your behalf. If that user is an authenticated user or an administrator on a website, the attack can be used to escalate privilege. We've identified an endless stream of applications, platforms, critical infrastructure devices, and even wormable hybrid attacks, many of which require little or no Javascript (XSS). The key takeaway is this: a vulnerability that is so easily prevented can lead to absolute mayhem, particularly when bundled with other attacks. Worse still, identifying the attacker is even more difficult as the attack occurs in the context of the authenticated user. The presentation will discuss a variety of attack scenarios, as well as suggested mitigation. For more information visit: bit.ly To download the video visit: bit.ly 2011-01-16, views: 712
Discovering CSRF using OWASP's CSRFTester tool Using CSRFTester I have discovered some CSRF's in a membership web application. Notified the developers of these flaws in their application on March 7th 2010. OWASP CSRF Project - www.owasp.org Backtrack tool requests/bugtrack - redmine.backtrack-linux.org 2010-03-11, views: 3976
DVWA CSRF In this demo I will show how to use OWASP CSRFTester to discover a XSRF vulne. 2010-12-01, views: 1567
Cross Site Request Forgery CSRF (made by Crash Overron) Credits go out to infinityexists.com For more information go to: infinityexists.com August 14th, 2009 by Patchy In this Underground video, Crash Overron explains CSRF (Cross Site Request Forgery), and how it can be used to force a user's browser into performing an undesirable action on a website. Basically, CSRF tricks a browser into requesting a web page that is designed to perform a specific function such as changing user settings. Furthermore, if the page allows GET variables, an attacker can modify that user's settings. Commonly, CSRF attacks are hidden in image HTML tags. 2009-10-27, views: 2300
CSRF Protection with PHP Cross Site Request Forgery is a very easy security bug to miss. 2012-04-20, views: 241
Cross-Site Request Forgery (CSRF) Protection Against CSRF Part 1 www.aachen-method.com Check it out and sign up! 2009-03-12, views: 3337
Damn Vulnerable Web App - CSRF with OWASP CSRFTester. Good evening and welcome to my demonstration. Tonight I will be attacking the CSRF Section of the DVWA. I'll be using Firefox, FireBug, FoxyProxy, OWASP's CSRFTester and good ol' Kate, all available in the awesome Back|Track4. I'll capture a genuine HTTP request to change password, using CSRFTester and FoxyProxy; then edit the HTTP request from GET to POST with Kate - to show the proof of concept, I'll then open this edited HTTP request with Firefox and forge a password request from the Web Application. During the password change, I'll edit the page with FireBug to show the password change. Hope you enjoy and check out defensive-attack-formation.net for more research. d3m0n35 2011-01-17, views: 1805
Books related to CSRF
- 世紀末の詩 野島 伸司 ワニブックス
- Microsoft .NET Web アプリケーションセキュリティ (インド人著者執筆による日本語翻訳済みIT書籍シリ-ズ) Vijay Mukhi イノソフトジャパン









