SANS Pen Test Webcast: Complete Application pwnage via Multi POST XSRF

preview_player
Показать описание
Instructor: Adrien de Beaupre

Overview: This talk discusses the risk posed by Cross Site Request Forgery (CSRF or XSRF) which is also known as session riding, or transaction injection. Many applications are vulnerable to XSRF, mitigation is difficult as it may require re-engineering the entire application, and the threat they pose is often misunderstood. A live demo of identifying the vulnerability, and exploiting it by performing multiple unauthorized transactions in a single POST will be demonstrated.
  1. SANS Offensive Operations
  2. Web Application (Industry)
  3. Penetration Testing
  4. Hacking
  5. Ethical Hacking
  6. Hackers
Рекомендации по теме
SANS Pen Test 0:49:03

SANS Pen Test Webcast: Complete Application pwnage via Multi POST XSRF

SANS Pen Test: 1:05:19

SANS Pen Test: Webcast - Adventures in High Value Pen Testing A Taste of SANS SEC560

SANS Pen Test 0:55:39

SANS Pen Test WEBCAST: Hacking for the Masses w/ Mark Baggett

SANS Webcast: Which 1:03:31

SANS Webcast: Which SANS Pen Test Course Should I Take? w/ Nmap Demo

SANS Webcast: Software 0:59:44

SANS Webcast: Software Defined Radio for Penetration Testing and Analysis

SANS Webcast: Which 0:59:52

SANS Webcast: Which SANS Pen Test Course Should I Take? - SEC573 Edition

SANS Pen Test: 1:04:07

SANS Pen Test: Webcast - If it fits, it sniffs Adventures in WarShipping

SANS Webcast: Which 1:00:07

SANS Webcast: Which SANS Pen Test Course Should I Take? - SEC575 Edition

SANS Webcast: Pen 0:57:45

SANS Webcast: Pen Testing with PowerShell - Data Exfiltration Techniques

SANS Webcast: HTTP/2 0:59:50

SANS Webcast: HTTP/2 & Websockets are gonna change the Pen Test World. Are You Ready?

SANS Webcast: Which 1:05:11

SANS Webcast: Which SANS Pen Test Course Should I Take? - SEC617 Edition

SANS Webcast: Navigating 1:02:24

SANS Webcast: Navigating SANS Pen Test Cheat Sheets for Fun and Profit

SANS Webcast: Web 0:52:56

SANS Webcast: Web Application Scanning Automation

SANS Webcast: Security 0:53:59

SANS Webcast: Security is QA - My Path from Developer to Pen Tester

SANS Webcast: Hitting 1:20:34

SANS Webcast: Hitting every rock on the way down - A look back at 15 years of pentesting

SANS Webcast: Tips 1:01:42

SANS Webcast: Tips and Tricks for Customers and Pen Testers on How to Get Higher Value Pen Tests

SANS Webcast: Software 1:03:44

SANS Webcast: Software Defined Radio for Penetration Testing and Analysis

CISSP Cram Session 1:00:18

CISSP Cram Session | SANS Webcast Series

SANS Webcast: Top 0:58:46

SANS Webcast: Top Methods Pen Testers use to Social Engineer their way in.

SANS Pen Test 0:42:34

SANS Pen Test Webcast: Easier Web App Pen Testing by Leveraging Plugins and Extensions

SANS Webcast: Dominating 1:00:14

SANS Webcast: Dominating The Active Directory

SANS Webcast: Pen 0:58:32

SANS Webcast: Pen Testing with PowerShell - Automating the Boring so You Can Focus on the FUN!

SANS Webcast: Pen 0:57:09

SANS Webcast: Pen Testing with PowerShell - Local Privilege Escalation Techniques

SANS Webcast: What’s 0:49:57

SANS Webcast: What’s covered in the our Adv. Web App Pen Testing Course (SEC642)?