[OWASP-Switzerland] XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

Frédéric BOURLA frederic.bourla at htbridge.ch
Fri Feb 3 09:17:15 UTC 2012



2 weeks ago, we have published a technical article regarding the
exploitation of a few vulnerabilities that we have disclosed last year.
Indeed, these alerts have been criticized by a self-proclaimed security
expert in US who thought it was only “design features”, thus spreading
misinformation among unaware people. We therefore decided to shed light on
this story and explain people that our alerts really dealt with true
vulnerabilities, and that it is in their interest do apply patches.


This technical article has been written by our head of R&D, who was one of
the first author of Web Applications Attacks book, and it will hopefully
rise awareness by demonstrating that post-authentication vulnerabilities are
quite often underestimated in the IT Security field. It has been published
by Pentest Magazine, and the teaser is available for free on their website.
As suggested by Sven VETSCH, I thought that OWASP’s readers would have been
interested by this article
 So please feel free to share this knowledge.


More info and direct link on


Best regards,





Frédéric BOURLA
Head of Ethical Hacking Department

High-Tech Bridge SA 
World Trade Center II
Route de Pré-Bois 29
CH - 1215 Geneva 15
Tel  +41 22 723 24 24

Dir  +41 22 560 68 13

Fax +41 22 560 68 30

 <https://www.htbridge.ch> https://www.htbridge.ch


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-switzerland/attachments/20120203/04312ae2/attachment.html>

More information about the Owasp-Switzerland mailing list