[ OWASP - Montréal ] XSRF/CSRF testing difficulty level

Benoit Guerette benoit.guerette at gmail.com
Mon Dec 1 14:44:58 EST 2008


> Some XSRF are very easy to find. Most "logout" feature are vulnerable to xsrf.

How do you flag this on a pen test report? It is a vulnerability,
resulting in a denial of service, but with low impact.

Any cross-site scripting vulnerability means PCI-DSS failed on a
report, so for PCI it is a fail.

But for other pen tests, do you mark it as low, and the business will
decide whether they fix it or not?
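The logout case quoted above, modelled as an added example (not code from this thread or from any OWASP project): a logout handler that accepts any request next to one that requires POST plus a per-session synchronizer token. `Session`, `logout_vulnerable` and `logout_hardened` are constructed names for illustration.

```python
import hmac
import secrets


class Session:
    """Constructed server-side session: logged-in user plus a CSRF token."""

    def __init__(self, user):
        self.user = user
        self.csrf_token = secrets.token_hex(16)


def logout_vulnerable(method, params, session):
    """Common pattern: any request to /logout ends the session.
    A cross-site <img src="https://app/logout"> forges this trivially,
    because GET is accepted and no token is checked."""
    session.user = None
    return True


def logout_hardened(method, params, session):
    """Treat logout as a state-changing action: require POST and a token
    that matches the session's token (constant-time comparison)."""
    if method != "POST":
        return False
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return False
    session.user = None
    return True


def forged_cross_site_logout(handler):
    """Simulate a third-party page: the browser attaches the victim's
    session (cookies) but the page cannot read or supply the token."""
    s = Session("alice")
    handler("GET", {}, s)
    return s.user is None  # True means the forged logout succeeded


def legitimate_logout(handler):
    """The application's own logout form: POST carrying the page's token."""
    s = Session("alice")
    handler("POST", {"csrf_token": s.csrf_token}, s)
    return s.user is None
```

Only the hardened handler rejects the forged request while still accepting the real form, which is the behaviour a report can point to when recommending the fix.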

