I recently wrote up a doc on CSRF and presented it to a group of colleagues. I presented it as a work in progress, but it was kind of all over the place.
I challenged everyone to think of CSRF as a new type of payload that gets delivered rather than an exploit or vulnerability that can easily be fixed.
I was challenged on my statement that in the presence of XSS on a given domain, CSRF payloads can never be fully mitigated.