Secure Coding mailing list archives
Cross Site Request Forgery and how to find it in the wild with 02
From: Matt Parsons <mparsons1980 () gmail com>
Date: Thu, 2 Dec 2010 14:11:09 -0600
I have been reading on a lot of the security blogs on how people are exploiting Crossdomain.xml with Cross Site Request Forgery, I don't blog about how to exploit it but rather how to find it automatically with 02. Feel free to e-mail me with questions or comments. http://parsonsisconsulting.wordpress.com/2010/12/02/how-to-find-crossdomain-xml-cross-site-request-forgery-with-02/ Thanks, Matt -- Matt Parsons, MSM, CISSP 315-559-3588 Blackberry 817-294-3789 Home office "Do Good and Fear No Man" Fort Worth, Texas A.K.A The Keyboard Cowboy mailto:mparsons1980 () gmail com <mparsons1980 () gmail com> http://www.parsonsisconsulting.com http://www.parsonsisconsultingblog.com <http://www.o2-ounceopen.com/o2-power-users/> http://www.linkedin.com/in/parsonsconsulting http://www.vimeo.com/8939668 http://twitter.com/parsonsmatt
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Cross Site Request Forgery and how to find it in the wild with 02 Matt Parsons (Dec 03)