[Owasp-leaders] CSRF

Eoin eoin.keary at owasp.org
Tue May 28 22:25:11 UTC 2013


It's a bit bullshitty :)

And you assume the victim Does not notice they are not logged into their account, but rather yours (the attacker).

Does anyone have any attacks, case studies which result in REAL risk to a business??




Eoin Keary
Owasp Global Board
+353 87 977 2988


On 28 May 2013, at 23:20, Jim Manico <jim.manico at owasp.org> wrote:

> For sure.
> 
> For example, if I can CSRF you to log into a Google account that I
> control, I can then track all of your Google searches.
> 
> This is edge case, but still viable.
> 
> - Jim
> 
>> Does CSRF ing a login page make sense to anyone :)
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 


More information about the OWASP-Leaders mailing list