Surf’s Up! Exploring Cross Site Request Forgery (CSRF) through Social Network Exploitation

<p> Web application security has progressed by leaps and bounds since first being discussed in the early 2000s. XSS, SQLi, Directory Traversals, and other traditional attacks are becoming more widely understood by a greater demographic of developers. Unfortunately, we are just scratching the surface. There still exists a great number of attack vectors that are ignored. Cross Site Request Forgery is a prime example of this. It is a simple technique with powerful implications ranging from denial of service and firewall bypass to full blown site compromise. </p> <p> The theory of CSRF will be presented here in simple to understand terms. An example of a virulent exploit of a real world social networking site (Vampirefreaks.com) using CSRF will also be shown. </p>

Presented by