[ OWASP - Montreal ] XSRF/CSRF testing difficulty level
benoit.guerette at gmail.com
Mon Dec 1 14:44:58 EST 2008
> Some XSRF are very easy to find. Most "logout" features are vulnerable to XSRF.
How do you flag this on a pen test report? It is a vulnerability,
resulting in a denial of service, but with low impact.
Any cross-site scripting vulnerability means PCI-DSS failed on a
report, so for PCI it fails.
But for other pen tests, do you mark it as low, and the business will
decide if they fix it or not?