For some reason, Cross-Site Request Forgery has been a vulnerability I have had a hard time getting a full understanding of, so I thought it would make a good topic for one of these posts. Before we can get into examples though, let's talk about what Cross-Site Request Forgery (CSRF) is. OWASP defines it as "an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated." They go into more detail, but let's pull that apart first. CSRF is all about having something happen within the context of a targeted…
All posts in OWASP
Using Burp Suite to bypass anti-CSRF protections with the built-in Session Handling and Macro recorder.…
JWT advantages and disadvantages with an emphasis on security implementations.…
Burp Suite 2.0 beta is now available to Professional users. This is a major upgrade with a host of new features, including a new crawler that is able to automatically handle sessions, detect changes in application state, crawl with multiple logins, and deal with volatile content.…
Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input.…
Utilizing an unrestricted file upload vulnerability with Microsoft Docx files to exploit web applications with Cross-Site Scripting (XSS).…
Since I wrote a blog post recently on how to capture a WPA/WPA2 handshake using the WiFi Pineapple Nano, I thought it would be interesting to take a peek under the hood and see how the SiteSurvey module on the Pineapple achieved this. Disclaimer: Any actions and/or activities related to the material contained within this blog are solely your responsibility. The skills being taught are for educational purposes only. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors will not be held responsible in the event…