[Owasp-o2-platform] Are .NET WebServices vulnerable to CSRF?

dinis cruz dinis.cruz at owasp.org
Fri Feb 3 16:43:20 UTC 2012


While developing TeamMentor <http://teammentor.github.com> I implemented a
number of WebServices (consumed via jQuery) and now on its final push for
release I want to double check that they are not vulnerable to CSRF.

There isn't a lot of good information out there and it seems that in .NET,
*.asmx are protected by default to CSRF, with a possible exception of an
exploit scenario using Flash (to set the cookies)

Anybody has more info?

Dinis Cruz

Blog: http://diniscruz.blogspot.com
Twitter: http://twitter.com/DinisCruz
Web: http://www.owasp.org/index.php/O2
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20120203/5337c0b2/attachment.html>


More information about the Owasp-o2-platform mailing list