[ OWASP - Montréal ] XSRF/CSRF testing difficulty level

Philippe Gamache philippe at gamache.com
Mon Dec 1 23:47:17 EST 2008

Benoit Guerette wrote:
> How do you flag this on a pen test report? It is a vulnerability,
> resulting in a denial of service, but with low impact.
> Any cross-site scripting vulnerability means PCI-DSS failed on a
> report, so for PCI it failed.
> But for other pen tests, do you mark it as low, and the business will
> decide whether they fix it or not?
There is a way to block any connection using this... Example: display an
image from another site. This site will just have to rewrite the
response with a 401 error, redirecting to your login...
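The thread is about how to rate a CSRF-class finding, and the standard server-side defence for that class is to reject state-changing requests that do not carry a token bound to the victim's session (plus an Origin/Referer check as defence in depth). The following is an added illustration written for this page; it is not code from the list members. The secret, the session ids, the allowed origin "https://app.example" and the helper names `issue_token`, `verify_token` and `handle_request` are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Constructed server secret for the example; a real deployment loads this
# from configuration and rotates it, never hard-codes it.
SERVER_SECRET = b"example-secret-not-for-production"

# Only requests that change state need CSRF protection; safe methods do not.
STATE_CHANGING = {"POST", "PUT", "DELETE", "PATCH"}

# Assumed origin of the legitimate application (constructed value).
ALLOWED_ORIGIN = "https://app.example"


def issue_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive a per-session CSRF token as HMAC-SHA256(secret, session_id).

    Because the token is keyed on the session, a token captured for one
    session is useless against another, and the server needs no extra
    storage to verify it.
    """
    return hmac.new(secret, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_token(session_id: str, presented: Optional[str],
                 secret: bytes = SERVER_SECRET) -> bool:
    """Constant-time comparison of the presented token against the expected one."""
    if not presented:
        return False
    expected = issue_token(session_id, secret)
    return hmac.compare_digest(expected, presented)


def _origin_of(url: str) -> str:
    """Reduce a URL (Origin or Referer header value) to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def handle_request(method: str, session_id: str, form: Dict[str, str],
                   headers: Dict[str, str],
                   allowed_origin: str = ALLOWED_ORIGIN) -> Tuple[int, str]:
    """Simulated request handler returning (status, message).

    A cross-site request (e.g. one triggered by an <img> or a form on another
    site) cannot read the victim's token, so it fails the token check; the
    origin check rejects it even earlier when the browser sends Origin/Referer.
    """
    if method not in STATE_CHANGING:
        return 200, "ok"

    # Defence in depth: if the browser tells us where the request came from,
    # refuse anything that is not our own origin. "null" origins also fail here.
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None and _origin_of(source) != allowed_origin:
        return 403, "cross-origin request rejected"

    # Primary defence: the synchronizer token must match the session.
    if not verify_token(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"

    return 200, "state changed"


if __name__ == "__main__":
    token = issue_token("sess-1")
    # Legitimate same-origin form submission carrying the token.
    print(handle_request("POST", "sess-1", {"csrf_token": token},
                         {"Origin": ALLOWED_ORIGIN}))
    # Forged request from another site: no token, foreign origin.
    print(handle_request("POST", "sess-1", {}, {"Origin": "https://other.example"}))
```

The token is never sent in a cookie alone, since cookies are exactly what the browser attaches automatically to a cross-site request; it must travel in the form body or a custom header where only same-origin script or markup can place it.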
