[Owasp-leaders] CSRF

martin.knobloch at owasp.org martin.knobloch at owasp.org
Wed May 29 13:17:31 UTC 2013


Port scanning is not illegal in the Netherlands! ;)

-----Original Message-----
From: Giorgio Fedon <giorgio.fedon at owasp.org>
Sender: owasp-leaders-bounces at lists.owasp.org
Date: Wed, 29 May 2013 15:14:10 
To: gaz Heyes<gazheyes at gmail.com>; Eoin<eoin.keary at owasp.org>
Cc: OWASP Leaders<owasp-leaders at lists.owasp.org>
Subject: Re: [Owasp-leaders] CSRF

Incrimination is something that may happen by forcing a user to do
something illegal.
This range includes port scanning, downloading illegal content, forcing
him to send XSS or SQL injection or path traversal attempts... it does
not characterize specifically CSRF issues.


On 05/29/2013 11:38 AM, gaz Heyes wrote:
> On 28 May 2013 23:25, Eoin <eoin.keary at owasp.org> wrote:
>
>     Does anyone have any attacks, case studies which result in REAL
>     risk to a business??
>
>
> A few years ago I did an attack on del.icio.us <http://del.icio.us>
> where it logged you in as a user, you could then see what the user
> bookmarked. For web services it's a valid attack on privacy. Would
> also work to incriminate a user.
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
| Giorgio Fedon, Owasp Italy
|
| In Input Validation 
|            and Output Sanitization, 
|                                   We Trust
--
| Web: https://www.owasp.org/index.php/Italy
|_____________________________________________.
