Title: CSRF: the nightmare becomes reality?
Authors: Desmet, Lieven #
Issue Date: 14-May-2009
Conference: OWASP AppSec Europe 2009, Poland, 13-14 May 2009
Abstract: Cross-Site Request Forgery (CSRF) is a well-known attack in which a malicious webpage instructs the victim's browser to send requests to legitimate sites on behalf of the victim, piggybacking on the victim's authenticated sessions. CSRF attacks are typically transparent to the victim, and for legitimate websites it is hard to differentiate between requests initiated by the victim and requests initiated by the malicious webpage.

Although this type of vulnerability has been known for about a decade, CSRF recently gained much more attention because of its impact on contemporary e-society. In November 2007, a vulnerability in Gmail was exploited to forward victims' incoming mail to an arbitrary account. In October 2008, Zeller and Felten published a technical report describing CSRF attacks on four large websites, including and .

Several mitigation techniques have already been developed, both for protecting the client and for protecting the legitimate server. In this presentation, I will give an overview of the possible mitigation techniques and discuss several of the proposed solutions.
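To make the server-side half of the mitigation concrete, the following is an added example (not from the presentation or its slides) of the two most common defences the abstract alludes to: a per-session synchronizer token that a cross-site page cannot read, and an Origin/Referer check. Requests are modelled as plain dicts constructed here; the site origin, session id and token store are assumptions for the demo, and a real deployment would hook these checks into the web framework's request pipeline.

```python
"""Server-side CSRF mitigation: synchronizer token plus Origin check.

Added example, not code from the presentation. Requests are plain dicts
(constructed here); the origin, session id and in-memory token store are
assumptions for the demo.
"""
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"  # assumed origin of the legitimate site

# Per-session token store, keyed by session id (in-memory for the demo).
_tokens: dict[str, str] = {}


def issue_token(session_id: str) -> str:
    """Mint a fresh random token for a session and remember it server-side.

    The site embeds the token in its own forms; a malicious page on another
    origin cannot read it because of the same-origin policy, so a forged
    request arrives without it.
    """
    token = secrets.token_urlsafe(32)
    _tokens[session_id] = token
    return token


def origin_allowed(headers: dict) -> bool:
    """Accept only same-origin state-changing requests.

    Browsers attach Origin on cross-site POSTs; fall back to Referer, and
    reject when neither is present rather than silently allowing.
    """
    origin = headers.get("Origin")
    if origin is None:
        origin = headers.get("Referer")
        if origin is None:
            return False
    # Exact match for Origin, prefix match for a full Referer URL; the "/"
    # keeps "https://bank.example.attacker.test" from passing.
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def is_csrf_safe(request: dict) -> bool:
    """Return True only if both defences accept the request.

    request = {"method", "headers", "cookies", "form"}.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state; nothing to protect
    if not origin_allowed(request["headers"]):
        return False
    session_id = request["cookies"].get("session")
    expected = _tokens.get(session_id)
    submitted = request["form"].get("csrf_token")
    if expected is None or submitted is None:
        return False
    # Constant-time comparison so the token cannot be guessed byte by byte.
    return hmac.compare_digest(expected, submitted)


def transfer_handler(request: dict) -> tuple[int, str]:
    """A state-changing endpoint guarded by the CSRF checks."""
    if not is_csrf_safe(request):
        return 403, "CSRF check failed"
    form = request["form"]
    return 200, f"transferred {form['amount']} to {form['to']}"


def demo() -> tuple[int, int]:
    """Run one legitimate and one forged request; returns their status codes."""
    sid = "sess-123"  # constructed session id
    token = issue_token(sid)
    legitimate = {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"session": sid},
        "form": {"amount": "100", "to": "alice", "csrf_token": token},
    }
    # The browser still attaches the session cookie to the forged request,
    # but the attacker's page cannot supply the token and its Origin differs.
    forged = {
        "method": "POST",
        "headers": {"Origin": "https://attacker.test"},
        "cookies": {"session": sid},
        "form": {"amount": "100", "to": "mallory"},
    }
    return transfer_handler(legitimate)[0], transfer_handler(forged)[0]


if __name__ == "__main__":
    print(demo())  # (200, 403)
```

Either check alone already blocks the classic forged POST; keeping both gives defence in depth, since the Origin check covers endpoints that forgot to render a token and the token check covers clients that strip Origin and Referer.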
Publication status: published
KU Leuven publication type: IMa
Appears in Collections:Informatics Section
# (joint) last author

Files in This Item:
File: AppsecEU09_Desmet_Lieven.pptx; Status: Published; Size: 173Kb; Format: Microsoft PowerPoint