Produkte und Services News und Presse Über Mayflower ThinkPHP
Mayflower

Get social with Mayflower!


... or look on our website (German, English version).

Quicksearch

Syndicate This Blog

Zend Framework Poster



Get your Zend Framework poster for free!

Secure your site

SektionEins is the Web Security Company. It was founded by Mayflower GmbH and Stefan Esser and provides Security Audits, Consulting and Security Trainings. Please contact us if you need securing your web application.

Categories



All categories

Blogroll

We read:

Planet PHP
Planet MySQL
Exciting E-Commerce
E-Commerce Blog
Fischmarkt
fukami
Lars Jankowfsky
Themenblog
Thomas Bachem
Matt Asay on OpenSource
Joel on Software
Ibrahim Evsan
Hasematzel
Techcrunch
Indiskretion Ehrensache
Sichelputzer
Alexander Schwinn
Managing Tech
F-LOG-GE
trycatchfinally

PHProjekt Developer Blog

PHProjekt 6.0.2 released

Saturday, May 22. 2010
PHProjekt 6.0 is out!

Thursday, March 18. 2010
What's new in PHProjekt 6 since the Preview 3?

Friday, March 12. 2010

phpMyFAQ devBlog

phpMyFAQ 2.6.7 Released!
Thursday, July 29. 2010
Status update for phpMyFAQ 2.6.7
Sunday, July 25. 2010
Status update for phpMyFAQ 2.6.7
Tuesday, July 6. 2010

Technorati

Entries tagged as csrf

ThinkPHP /dev/blog

Entries tagged as csrf

Related tags

Friday, January 11. 2008

c't empfiehlt Chorizo für ajax Sicherheitsprüfungen

Die aktuelle Ausgabe der c't bringt unter dem Titel "Risiko 2.0" einen Artikel zur Sicherheit von Ajax Anwendungen. Der Autor stellt fest daß den vielfältigen Möglichkeiten, Ajax Funktionen auszuhebeln, eine sehr geringe Zahl von Tools gegenübersteht, die Schwachstellen zu testen und zu reporten. Neben Sprajax wird unser Security Scanner Chorizo! empfohlen.

Wer ihn noch nicht kennt: Chorizo ist ein Online-Scanner der nach XSS, CSRF, SQL Injections, Remote Code Executions und vielen anderen Vulnerabilites fahndet und reported. Keine Softwareinstallation nötig - alles geschieht im Browser.


Wer ihn testen mag: einen vollwertigen Account für eine Domain (Chorizo Free) gibt es hier.

Posted by Albrecht Günther in Chorizo at 09:19 | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , , ,
Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at del.icio.us Digg c't empfiehlt Chorizo für ajax Sicherheitsprüfungen Bloglines c't empfiehlt Chorizo für ajax Sicherheitsprüfungen Technorati c't empfiehlt Chorizo für ajax Sicherheitsprüfungen Fark this: c't empfiehlt Chorizo für ajax Sicherheitsprüfungen Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at YahooMyWeb Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at Furl.net Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at reddit.com Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at blinklist.com Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at Spurl.net Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at NewsVine Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at Simpy.com Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at blogmarks Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen with wists Bookmark c't empfiehlt Chorizo für ajax Sicherheitsprüfungen at Ma.gnolia.com

Thursday, October 5. 2006

Buy one XSS, get a CSRF for free

Cross Site Request Forging (see http://en.wikipedia.org/wiki/Cross-site_request_forgery for more information) has been around for a while now. It misuses the trust of a web application that every request sent by the browser is wanted by its user.
For example, if you know that i am logged in to our blog admin backend most of the time, and you know its url and software, you could trick me into visiting a special prepared url. That url contains a small javascript that automatically submits a fake form to our admin backend, and short time later everybody is surprised to read on our blog that Mayflower will leave the domain of web application development and open a butcher's shop instead.

Since the authors of our blog software are smart people, they implemented a CSRF protection. And not only them, even we not as smart PHProjekt developers implemented one.
There are three popular ways to protect your software against CSRF:

Continue reading "Buy one XSS, get a CSRF for free"

Posted by johann in Chorizo PHP at 10:35 | Comments (5) | Trackbacks (0)
Defined tags for this entry: , , ,
Bookmark Buy one XSS, get a CSRF for free at del.icio.us Digg Buy one XSS, get a CSRF for free Bloglines Buy one XSS, get a CSRF for free Technorati Buy one XSS, get a CSRF for free Fark this: Buy one XSS, get a CSRF for free Bookmark Buy one XSS, get a CSRF for free at YahooMyWeb Bookmark Buy one XSS, get a CSRF for free at Furl.net Bookmark Buy one XSS, get a CSRF for free at reddit.com Bookmark Buy one XSS, get a CSRF for free at blinklist.com Bookmark Buy one XSS, get a CSRF for free at Spurl.net Bookmark Buy one XSS, get a CSRF for free at NewsVine Bookmark Buy one XSS, get a CSRF for free at Simpy.com Bookmark Buy one XSS, get a CSRF for free at blogmarks Bookmark Buy one XSS, get a CSRF for free with wists Bookmark Buy one XSS, get a CSRF for free at Ma.gnolia.com
(Page 1 of 1, totaling 2 entries)