Surf's Up - Exploring CSRF
At The Next HOPE convention in NYC this summer I presented a talk on Cross Site Request Forgery (CSRF) entitled “Surf’s Up – Exploring Cross Site Request Forgery through Social Network Exploitation“.
The idea of the talk was to present the background, theory, and use of CSRF by exploring a vulnerability found in Vampirefreaks that allowed for a password stealing social network worm to be developed. Additionally, some protective measures and attack variations were presented. Overall I feel the talk was a great success and had a blast presenting it.
Surf’s Up – Exploring Cross Site Request Forgery from Daniel McCarney on Vimeo.
The slides from this talk are available under a Creative Commons license in both PDF format and Open Office Impress format
Transmissions:
