[Owasp-leaders] CSRF

Giorgio Fedon giorgio.fedon at owasp.org
Wed May 29 13:14:10 UTC 2013


Incrimination is something that may happen by forcing a user to do
something illegal.
This range includes port scanning, downloading illegal content, forcing
him to send XSS or SQL injection or path traversal attempts... it does
not specifically characterize CSRF issues.


On 05/29/2013 11:38 AM, gaz Heyes wrote:
> On 28 May 2013 23:25, Eoin <eoin.keary at owasp.org> wrote:
>
>     Does anyone have any attacks, case studies which result in REAL
>     risk to a business??
>
>
> A few years ago I did an attack on del.icio.us <http://del.icio.us>
> where it logged you in as a user, you could then see what the user
> bookmarked. For web services it's a valid attack on privacy. Would
> also work to incriminate a user.


-- 
| Giorgio Fedon, Owasp Italy
|
| In Input Validation 
|            and Output Sanitization, 
|                                   We Trust
--
| Web: https://www.owasp.org/index.php/Italy
|_____________________________________________.


