[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] RE: Defeating nonce/token based CSRF protection

From: "Jeroen van Dongen" <jeroen@xxxxxxxxxxxxx>
Subject: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
Date: Fri, 18 Apr 2008 20:28:42 +0200

Thanks all for the answers -

Mike Duncan summarised it nicely I guess:
"...and we are answering: Yes, this is possible but security in depth is
the best defense against this."

Thanks again,
Jeroen

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
  - From: Mike Duncan
- RE: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
  - From: Eric Rachner

Prev by Date: RE: [WEB SECURITY] Open Source Code Analysis Tools
Next by Date: Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
Previous by thread: [WEB SECURITY] Defeating nonce/token based CSRF protection
Next by thread: Re: [WEB SECURITY] RE: Defeating nonce/token based CSRF protection
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site