SlideShare a Scribd company logo

Cross Site Request Forgery Vulnerabilities

Download as PPT, PDF
Marco Morana, profile picture
Marco Morana

The document summarizes a meeting agenda about cross-site request forgery (CSRF). The agenda includes discussing CSRF's placement in the OWASP Top 10, describing the CSRF threat and impact, explaining how CSRF works, providing a threat scenario example, discussing CSRF attack vectors, and covering CSRF countermeasures and testing methods.

TechnologyDesign
1 of 15
Downloaded 100 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Cross Site Request Forgery Deep Dive In Cincinnati Chapter Meeting May 27 th , 2008 [email_address]
Agenda TBD OWASP Publications OWASP Tools Demo By Blaine Wilson OWASP Cincinnati Local Chapter Final Questions
Place of CSRF in the OWASP Top 10 2007 Cross Site Scripting (XSS) Injection Flaws Insecure Remote File Include Insecure Direct Object Reference Cross Site Request Forgery (CSRF) Information Leakage and Improper Error Handling Broken Authentication and Session Management Insecure Cryptographic Storage Insecure Communications Failure to Restrict URL Access http://www.owasp.org/index.php/Top_10
Description of CSRF threat and the impact CSRF forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. An attacker may force the users of a web application to execute actions of the attackers choosing via social engineering
CSRF Causes The way CSRF is accomplished relies on the following facts: 1) Web browser behavior regarding the handling of session-related information such as cookies and http authentication information; 2) Knowledge of valid web application URLs on the side of the attacker; 3) Application session management relying only on information which is known by the browser; 4) Existence of HTML tags whose presence cause immediate access to an http[s] resource; for example the image tag img .
Threat Scenario
CSRF is a Same Origin Exploit The GET request could be originated in several different ways: by the user, who is using the actual web application; by the user, who types the URL it directly in the browser; by the user, who follows a link (external to the application) pointing to the URL.
CSRF attack vectors
Example: Webgoat/?
CSRF Countermeasures: Client/User Some mitigating actions are: Logoff immediately after using a web application Do not allow your browser to save username/passwords, and do not allow sites to “remember” your login Do not use the same browser to access sensitive applications and to surf freely the Internet; if you have to do both things at the same machine, do them with separate browsers. Integrated HTML-enabled mail/browser, newsreader/browser environments pose additional risks since simply viewing a mail message or a news message might lead to the execution of an attack.
CSRF Countermeasures: Developers Add session-related information to the URL Use POST instead of GET Automatic logout mechanisms Rely on Referer headers
Black Box testing and example Llet u the URL being tested; for example, u = http:// www.example.com /action build a html page containing the http request referencing url u (specifying all relevant parameters; in case of http GET this is straightforward, while to a POST request you need to resort to some Javascript); make sure that the valid user is logged on the application; induce him into following the link pointing to the to-be-tested URL (social engineering involved if you cannot impersonate the user yourself); observe the result, i.e. check if the web server executed the request.
Gray Box testing and example Audit the application to ascertain if its session management is vulnerable. Check If session management relies only on client side values
Tools
Difference Between XSS and CSRF

More Related Content

PPTX
A8 cross site request forgery (csrf) it 6873 presentation
Albena Asenova-Belal
 
PPTX
Introduction to CSRF Attacks & Defense
Surya Subhash
 
PPTX
Understanding Cross-site Request Forgery
Daniel Miessler
 
PPTX
Cross Site Request Forgery (CSRF) Scripting Explained
Valency Networks
 
PDF
CSRF Basics
n|u - The Open Security Community
 
PPT
Cross Site Request Forgery
Tony Bibbs
 
PPTX
CSRF Attack and Its Prevention technique in ASP.NET MVC
Suvash Shah
 
PPTX
Sql injections - with example
Prateek Chauhan
 
A8 cross site request forgery (csrf) it 6873 presentation
Albena Asenova-Belal
 
Introduction to CSRF Attacks & Defense
Surya Subhash
 
Understanding Cross-site Request Forgery
Daniel Miessler
 
Cross Site Request Forgery (CSRF) Scripting Explained
Valency Networks
 
CSRF Basics
n|u - The Open Security Community
 
Cross Site Request Forgery
Tony Bibbs
 
CSRF Attack and Its Prevention technique in ASP.NET MVC
Suvash Shah
 
Sql injections - with example
Prateek Chauhan
 

What's hot (20)

PPTX
SSRF exploit the trust relationship
n|u - The Open Security Community
 
PPT
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
PPTX
SSRF For Bug Bounties
OWASP Nagpur
 
PPT
SQL Injection
Adhoura Academy
 
PPT
Xss ppt
chanakyac1
 
PPTX
Ssrf
Ilan Mindel
 
PPTX
Attacking thru HTTP Host header
Sergey Belov
 
PPTX
Vulnerabilities in modern web applications
Niyas Nazar
 
ODP
OWASP Secure Coding
bilcorry
 
PDF
Secure Session Management
GuidePoint Security, LLC
 
PPTX
Deep dive into ssrf
n|u - The Open Security Community
 
PPTX
A2 - broken authentication and session management(OWASP thailand chapter Apri...
Noppadol Songsakaew
 
PPSX
Sessions and cookies
www.netgains.org
 
PDF
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén
 
PDF
Cross Site Scripting Going Beyond the Alert Box
Aaron Weaver
 
PDF
KHNOG 3: DDoS Attack Prevention
APNIC
 
PDF
Penetration testing web application web application (in) security
Nahidul Kibria
 
PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
PPTX
Brute force-attack presentation
Mahmoud Ibra
 
SSRF exploit the trust relationship
n|u - The Open Security Community
 
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
SSRF For Bug Bounties
OWASP Nagpur
 
SQL Injection
Adhoura Academy
 
Xss ppt
chanakyac1
 
Ssrf
Ilan Mindel
 
Attacking thru HTTP Host header
Sergey Belov
 
Vulnerabilities in modern web applications
Niyas Nazar
 
OWASP Secure Coding
bilcorry
 
Secure Session Management
GuidePoint Security, LLC
 
Deep dive into ssrf
n|u - The Open Security Community
 
A2 - broken authentication and session management(OWASP thailand chapter Apri...
Noppadol Songsakaew
 
Sessions and cookies
www.netgains.org
 
Introduction to Cross Site Scripting ( XSS )
Irfad Imtiaz
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén
 
Cross Site Scripting Going Beyond the Alert Box
Aaron Weaver
 
KHNOG 3: DDoS Attack Prevention
APNIC
 
Penetration testing web application web application (in) security
Nahidul Kibria
 
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
Brute force-attack presentation
Mahmoud Ibra
 
Ad

Similar to Cross Site Request Forgery Vulnerabilities (20)

PDF
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...
IRJET Journal
 
PPT
Web Application Security
Chris Hillman
 
PDF
A security note for web developers
John Ombagi
 
PPT
Why You Need A Web Application Firewall
Port80 Software
 
DOC
HallTumserFinalPaper
Daniel Tumser
 
PDF
A4 A K S H A Y B H A R D W A J
bhardwajakshay
 
PPTX
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
PPTX
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
PPT
Cyber security
Sakib Sami
 
PDF
CSRF Attacks and its Defence using Middleware
ijtsrd
 
PDF
IRJET- Survey on Web Application Vulnerabilities
IRJET Journal
 
PPTX
Cyber security 2.pptx
NotSure11
 
PDF
React security vulnerabilities
AngelinaJasper
 
PDF
XSS, LFI & CSRF vulnerabilities
CTM360
 
PDF
CSRF: ways to exploit, ways to prevent
Paulius Leščinskas
 
PPTX
Cross Site Request Forgery- CSRF
Mitul Babariya
 
PDF
SeanRobertsThesis
Sean Roberts
 
PPT
A privacy-preserving defense mechanism against attacks
tahucampur
 
PPTX
Security Issues in HTML 5
Wasif Altaf
 
PPTX
Security Testing Training With Examples
Alwin Thayyil
 
Prevention Against CSRF Attack using Client Server Mutual Authentication Tech...
IRJET Journal
 
Web Application Security
Chris Hillman
 
A security note for web developers
John Ombagi
 
Why You Need A Web Application Firewall
Port80 Software
 
HallTumserFinalPaper
Daniel Tumser
 
A4 A K S H A Y B H A R D W A J
bhardwajakshay
 
webapplicationattacks-101005070110-phpapp02.pptx
SyedAliShahid3
 
Website hacking and prevention (All Tools,Topics & Technique )
Jay Nagar
 
Cyber security
Sakib Sami
 
CSRF Attacks and its Defence using Middleware
ijtsrd
 
IRJET- Survey on Web Application Vulnerabilities
IRJET Journal
 
Cyber security 2.pptx
NotSure11
 
React security vulnerabilities
AngelinaJasper
 
XSS, LFI & CSRF vulnerabilities
CTM360
 
CSRF: ways to exploit, ways to prevent
Paulius Leščinskas
 
Cross Site Request Forgery- CSRF
Mitul Babariya
 
SeanRobertsThesis
Sean Roberts
 
A privacy-preserving defense mechanism against attacks
tahucampur
 
Security Issues in HTML 5
Wasif Altaf
 
Security Testing Training With Examples
Alwin Thayyil
 
Ad

More from Marco Morana (20)

PDF
Is talent shortage ws marco morana
Marco Morana
 
PPTX
Isaca conference threat_modeling_marco_morana_short.pdf
Marco Morana
 
PPTX
Owasp atlanta-ciso-guidevs1
Marco Morana
 
PPTX
Owasp e crime-london-2012-final
Marco Morana
 
PDF
Security And Privacy Cagliari 2012
Marco Morana
 
PPT
Presentation sso design_security
Marco Morana
 
PPTX
Owasp security summit_2012_milanovs_final
Marco Morana
 
PPTX
Security Summit Rome 2011
Marco Morana
 
PPTX
Risk Analysis Of Banking Malware Attacks
Marco Morana
 
PDF
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
Marco Morana
 
PPT
Security Exploit of Business Logic Flaws, Business Logic Attacks
Marco Morana
 
PPT
Software Security Initiatives
Marco Morana
 
PPT
Business cases for software security
Marco Morana
 
PPT
Security Compliance Web Application Risk Management
Marco Morana
 
PPT
Web Application Security Testing
Marco Morana
 
PPT
Owasp Forum Web Services Security
Marco Morana
 
PPT
Owasp Top 10 And Security Flaw Root Causes
Marco Morana
 
PPT
Software Security Frameworks
Marco Morana
 
PPT
OWASP Top 10 And Insecure Software Root Causes
Marco Morana
 
PPT
Software Open Source, Proprierio, Interoperabilita'
Marco Morana
 
Is talent shortage ws marco morana
Marco Morana
 
Isaca conference threat_modeling_marco_morana_short.pdf
Marco Morana
 
Owasp atlanta-ciso-guidevs1
Marco Morana
 
Owasp e crime-london-2012-final
Marco Morana
 
Security And Privacy Cagliari 2012
Marco Morana
 
Presentation sso design_security
Marco Morana
 
Owasp security summit_2012_milanovs_final
Marco Morana
 
Security Summit Rome 2011
Marco Morana
 
Risk Analysis Of Banking Malware Attacks
Marco Morana
 
Web 2.0 threats, vulnerability analysis,secure web 2.0 application developmen...
Marco Morana
 
Security Exploit of Business Logic Flaws, Business Logic Attacks
Marco Morana
 
Software Security Initiatives
Marco Morana
 
Business cases for software security
Marco Morana
 
Security Compliance Web Application Risk Management
Marco Morana
 
Web Application Security Testing
Marco Morana
 
Owasp Forum Web Services Security
Marco Morana
 
Owasp Top 10 And Security Flaw Root Causes
Marco Morana
 
Software Security Frameworks
Marco Morana
 
OWASP Top 10 And Insecure Software Root Causes
Marco Morana
 
Software Open Source, Proprierio, Interoperabilita'
Marco Morana
 

Recently uploaded (20)

PPT
Teaching material agriculture food technology
LiaRayya
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
KodekX | Application Modernization Development
KodekX
 
Teaching material agriculture food technology
LiaRayya
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Cloud computing and distributed systems.
kkkkkhan
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
KodekX | Application Modernization Development
KodekX
 

Cross Site Request Forgery Vulnerabilities

  • 1. Cross Site Request Forgery Deep Dive In Cincinnati Chapter Meeting May 27 th , 2008 [email_address]
  • 2. Agenda TBD OWASP Publications OWASP Tools Demo By Blaine Wilson OWASP Cincinnati Local Chapter Final Questions
  • 3. Place of CSRF in the OWASP Top 10 2007 Cross Site Scripting (XSS) Injection Flaws Insecure Remote File Include Insecure Direct Object Reference Cross Site Request Forgery (CSRF) Information Leakage and Improper Error Handling Broken Authentication and Session Management Insecure Cryptographic Storage Insecure Communications Failure to Restrict URL Access http://www.owasp.org/index.php/Top_10
  • 4. Description of CSRF threat and the impact CSRF forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. An attacker may force the users of a web application to execute actions of the attackers choosing via social engineering
  • 5. CSRF Causes The way CSRF is accomplished relies on the following facts: 1) Web browser behavior regarding the handling of session-related information such as cookies and http authentication information; 2) Knowledge of valid web application URLs on the side of the attacker; 3) Application session management relying only on information which is known by the browser; 4) Existence of HTML tags whose presence cause immediate access to an http[s] resource; for example the image tag img .
  • 7. CSRF is a Same Origin Exploit The GET request could be originated in several different ways: by the user, who is using the actual web application; by the user, who types the URL it directly in the browser; by the user, who follows a link (external to the application) pointing to the URL.
  • 10. CSRF Countermeasures: Client/User Some mitigating actions are: Logoff immediately after using a web application Do not allow your browser to save username/passwords, and do not allow sites to “remember” your login Do not use the same browser to access sensitive applications and to surf freely the Internet; if you have to do both things at the same machine, do them with separate browsers. Integrated HTML-enabled mail/browser, newsreader/browser environments pose additional risks since simply viewing a mail message or a news message might lead to the execution of an attack.
  • 11. CSRF Countermeasures: Developers Add session-related information to the URL Use POST instead of GET Automatic logout mechanisms Rely on Referer headers
  • 12. Black Box testing and example Llet u the URL being tested; for example, u = http:// www.example.com /action build a html page containing the http request referencing url u (specifying all relevant parameters; in case of http GET this is straightforward, while to a POST request you need to resort to some Javascript); make sure that the valid user is logged on the application; induce him into following the link pointing to the to-be-tested URL (social engineering involved if you cannot impersonate the user yourself); observe the result, i.e. check if the web server executed the request.
  • 13. Gray Box testing and example Audit the application to ascertain if its session management is vulnerable. Check If session management relies only on client side values
  • 14. Tools