Tag Archive

DeepSec 2014 Talk: Build Yourself a Risk Assessment Tool

Published on September 10, 2014 By lynx

All good defences start with some good ideas. This is also true for information security. DeepSec 2014 features a presentation by Vlado Luknar who will give you decent hints and a guideline on how to approach the dreaded risk assessment with readily available tools. We have kindly asked Vlado to give you a detailed teaser […]

DeepSec 2013 Video: CSRFT – A Cross Site Request Forgeries Toolkit

Published on February 14, 2014 By lynx

While Cross Site Request Forgery (CSRF) is an attack that is primarily targeted at the end user, it still affects web sites. Some developers try to avoid it by using secret cookies or restricting clients to HTTP POST requests, but this won’t work. The usual defence is to implement unique tokens in web forms. CSRF […]

DeepSec 2013 Talk: CSRFT – A Cross Site Request Forgeries Toolkit

Published on November 9, 2013 By lynx

Cross Site Request Forgery (CSRF) is a real threat to web users and their sessions. To quote from the OWASP web site: „CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.“ Combined with social engineering this is a very effective attack […]

Talk: Ground BeEF – Cutting, devouring and digesting the legs off a Browser

Published on October 4, 2011 By lynx

Web browsers have turned into industrial standard software. There’s no office, no company, no network, no client any more that does not use web browsers for at least one task. Any attacker can safely assume that browser software will be present in most target networks. Sadly browser security has not kept up with the spread […]