[Owasp-leaders] CSRF

Dave Wichers dave.wichers at owasp.org
Tue May 28 23:53:26 UTC 2013


It deserves being explained in the OWASP article on CSRF. This is a bit too
detailed for the 1 page we have on each Top 10 item in my opinion.

-Dave

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Eoin
Sent: Tuesday, May 28, 2013 6:28 PM
To: Gunnar Peterson
Cc: OWASP Leaders
Subject: Re: [Owasp-leaders] CSRF

Is this explained properly in the new top 10?? I don't recall seeing this.


Eoin Keary
Owasp Global Board
+353 87 977 2988


On 28 May 2013, at 23:24, Gunnar Peterson <gunnar at arctecgroup.net> wrote:

> three things come to mind
> 
> 1. if you have a large enough pool of users and want to brute force
> 
> 2. or simply try and lock out a bunch of users, and force them to a weaker scheme (questions) that you can wedge into
> 
> 3. if the site caches creds somewhere and you can reinstantiate that way
> 
> -gunnar
> 
> 
> 
> On May 28, 2013, at 5:17 PM, Eoin wrote:
> 
>> Does CSRFing a login page make sense to anyone :)
>> 
>> 
>> Eoin Keary
>> Owasp Global Board
>> +353 87 977 2988
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 