[Owasp-leaders] CSRF

Eoin eoin.keary at owasp.org
Wed May 29 09:51:47 UTC 2013


Indeed user incrimination came to mind.
Thanks!

Eoin Keary
Owasp Global Board
+353 87 977 2988


On 29 May 2013, at 10:38, gaz Heyes <gazheyes at gmail.com> wrote:

> On 28 May 2013 23:25, Eoin <eoin.keary at owasp.org> wrote:
>> Does anyone have any attacks, case studies which result in REAL risk to a business??
> 
> A few years ago I did an attack on del.icio.us where it logged you in as a user, you could then see what the user bookmarked. For web services it's a valid attack on privacy. Would also work to incriminate a user.