Web Application Security
Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 16 2004 01:13AM
Thomas Schreiber (ts securenet de) (7 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 05:17PM
Elihu Smails (elihusmails2000 yahoo com) (5 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:17PM
Florian Weimer (fw deneb enyo de)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 01:37PM
Joseph Miller (joseph tidetamerboatlifts com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 01:37PM
Joseph Miller (joseph tidetamerboatlifts com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 07:20AM
Sverre H. Huseby (shh thathost com) (1 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 06:47PM
Elihu Smails (elihusmails2000 yahoo com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:56AM
Sverre H. Huseby (shh thathost com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:56AM
Sverre H. Huseby (shh thathost com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 07:20AM
Sverre H. Huseby (shh thathost com) (1 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 06:47PM
Elihu Smails (elihusmails2000 yahoo com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:56AM
Sverre H. Huseby (shh thathost com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:56AM
Sverre H. Huseby (shh thathost com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 03:00PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 05:47PM
Florian Weimer (fw deneb enyo de) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:12PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:12PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:07AM
Shade (shade wastelands gen nz)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 03:00PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 05:47PM
Florian Weimer (fw deneb enyo de) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:12PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:12PM
Eran Tromer (webapp2eran tromer org) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 08:30PM
Eran Tromer (webapp2eran tromer org)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 11:07AM
Shade (shade wastelands gen nz)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 17 2004 08:36AM
Philippe P. (webappsec philippe prados name) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 02:44PM
Joseph Miller (joseph tidetamerboatlifts com) (1 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:15PM
Florian Weimer (fw deneb enyo de)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 09:54AM
Shade (shade wastelands gen nz) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:09PM
Florian Weimer (fw deneb enyo de)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:09PM
Florian Weimer (fw deneb enyo de)
RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 16 2004 10:40PM
Yvan G.J. Boily (yboily seccuris com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:04PM
Florian Weimer (fw deneb enyo de)
RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 05:56PM
Mark Burnett (mb xato net) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 04:31PM
Jeff Williams (jeff williams aspectsecurity com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 04:31PM
Jeff Williams (jeff williams aspectsecurity com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 16 2004 10:40PM
Yvan G.J. Boily (yboily seccuris com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 06:04PM
Florian Weimer (fw deneb enyo de)
RE: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 20 2004 05:56PM
Mark Burnett (mb xato net) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 04:31PM
Jeff Williams (jeff williams aspectsecurity com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 21 2004 04:31PM
Jeff Williams (jeff williams aspectsecurity com) (2 replies)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 22 2004 07:46PM
Augusto Paes de Barros (apbarros gmail com)
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 16 2004 05:08PM
Sverre H. Huseby (shh thathost com) (1 replies)
[Thomas Schreiber]

| SESSION RIDING - A Widespread Vulnerability in Today's Web Applications
| http://www.securenet.de/papers/Session_Riding.pdf

Nice work.

| In this paper we describe an issue that was raised in 2001 under
| the name of Cross-Site Request Forgeries (CSRF).

The problem you describe (If I understand correctly) was first (to my
knowledge) described in May 2000 by Jim Fulton in the Zope community.
The fenomenon was baptised "Client Side Trojans" back then.

I totally agree that this problem hasn't got the attention it
deserves, and that an enormous amount of web sites are vulnerable.

Sverre.

[ reply ]
Re: Whitepaper "SESSION RIDING - A Widespread Vulnerability in Today's Web Applications" Dec 16 2004 05:10PM
Sverre H. Huseby (shh thathost com)


 

Privacy Statement
Copyright 2010, SecurityFocus