Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

From OWASP
Revision as of 21:45, 26 June 2012 by Ben Broussard (Talk | contribs)


Checking Referer Header is used to patch the most dangerous CSRF vulnerability ever discovered (which was by me http://www.kb.cert.org/vuls/id/643049 Michael Brooks). This article is incorrect and I am changing it. If you have a problem then you should contact me, but as it stands I cannot allow this page to spread false information.


That is not the most dangerous CSRF vuln ever discovered! You are either really full of yourself, or you know very little about CSRF. I have found CSRF bugs that could have trivially been exploited for millions of dollars of theft, and those aren't the worst ones out there. I'm going to update the Referer Header section to be more accurate and include GET-based CSRF attacks (such as open redirection, probably from the login page) that referer checking usually doesn't cover either (which is one of its biggest flaws).
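The following is an added illustration of the point both comments circle around, not code from the OWASP cheat sheet or from either commenter. It puts a strict Referer-header check beside a synchronizer-token check and runs both over four constructed requests. The site host `bank.example`, the token value and the request dictionaries are all invented for the example. The third request models the case raised above: a GET that reaches the sensitive endpoint by way of the site's own login page, so its Referer is same-origin and the Referer check passes, while the token check still rejects it because no token was issued to that page flow.

```python
"""Referer check vs. synchronizer token check on constructed sample requests.
Added example for the CSRF talk page; not part of the cheat sheet itself."""
from typing import Dict, Optional, Tuple
from urllib.parse import urlparse
import hmac

# Hypothetical protected site; any real deployment substitutes its own host.
SITE_HOST = "bank.example"


def referer_check(headers: Dict[str, str]) -> bool:
    """Strict variant: the Referer must be present, use https and match the
    site host exactly. A missing header is rejected rather than waved through,
    since browsers and proxies legitimately strip it in some situations."""
    ref = headers.get("Referer")
    if not ref:
        return False
    parsed = urlparse(ref)
    return parsed.scheme == "https" and parsed.hostname == SITE_HOST


def token_check(session_token: str, submitted: Optional[str]) -> bool:
    """Synchronizer token: the value bound to the session must be echoed back
    in the request body. Constant-time compare avoids a timing side channel."""
    if submitted is None:
        return False
    return hmac.compare_digest(session_token, submitted)


def evaluate(req: Dict[str, Dict[str, str]], session_token: str = "tok-1") -> Tuple[bool, bool]:
    """Return (referer_ok, token_ok) for one request so the two defences can
    be compared side by side."""
    return (
        referer_check(req["headers"]),
        token_check(session_token, req["params"].get("csrf_token")),
    )


# Constructed sample requests (all values invented for the example).
LEGIT = {  # genuine form post from the site's own transfer page
    "headers": {"Referer": "https://bank.example/transfer"},
    "params": {"csrf_token": "tok-1", "amount": "100"},
}
CROSS_SITE = {  # form posted from an unrelated origin, no token known
    "headers": {"Referer": "https://attacker.example/page"},
    "params": {"amount": "100"},
}
VIA_OPEN_REDIRECT = {  # GET that arrived through the site's own login page
    "headers": {"Referer": "https://bank.example/login"},
    "params": {"amount": "100"},
}
NO_REFERER = {  # legitimate user whose browser or proxy stripped the header
    "headers": {},
    "params": {"csrf_token": "tok-1", "amount": "100"},
}


if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("cross-site", CROSS_SITE),
                      ("via open redirect", VIA_OPEN_REDIRECT), ("no referer", NO_REFERER)]:
        referer_ok, token_ok = evaluate(req)
        print(f"{name:18s} referer_ok={referer_ok!s:5s} token_ok={token_ok}")
```

Run as a script it prints one line per request. The two checks disagree on the last two cases: the same-origin redirect path clears the Referer check but not the token check, and the stripped-Referer case fails the Referer check even though it carries a valid token, which is why a Referer check works best as a secondary signal alongside a token rather than as the only defence.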