Saturday, November 24, 2007

CSRF Demystified

Via GNUCitizen -

Cross-Site Request Forgery has been all over the press recently since several major sites and web applications were plagued by exploits and uncovered vulnerabilities - including GMail, Google AdSense and many others. When talking to developers about CSRF there’s mostly not that much knowledge and a lot of misconceptions and FUD. Sometimes the term CSRF hasn’t even been heard of before. So, with this article, I will try to provide a basic explanation about the attack pattern itself, come up with several real-world examples and finally summarize a list of things developers can do to protect their sites against CSRF attacks.

-------------------------

Check out the full blog post linked above for all the CSRF details. It isn't a new attack, but it seems to be on everyone's radar now, so learn up.
