[Owasp-leaders] CSRF

gaz Heyes gazheyes at gmail.com
Wed May 29 09:38:39 UTC 2013


On 28 May 2013 23:25, Eoin <eoin.keary at owasp.org> wrote:

> Does anyone have any attacks, case studies which result in REAL risk to a
> business??
>

A few years ago I did an attack on del.icio.us where it logged you in as a
user, you could then see what the user bookmarked. For web services it's a
valid attack on privacy. Would also work to incriminate a user.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20130529/16fc04f3/attachment.html>


More information about the OWASP-Leaders mailing list