DeepSec 2013 Video: CSRFT – A Cross Site Request Forgeries Toolkit

René Pfeiffer/ February 14, 2014/ Conference

While Cross Site Request Forgery (CSRF) is an attack that is primarily targeted at the end user, it still affects web sites. Some developers try to avoid it by using secret cookies or restricting clients to HTTP POST requests, but this won’t work. The usual defence is to implement unique tokens in web forms. CSRF is often underestimated, because their presence is more common than anticipated.

At DeepSec 2013 Paul Amar introduced his Cross Site Request Forgeries Toolkit (CSRFT). The toolkit helps you to study and prototype CSRF interaction with web servers. Paul’s talk was one of the U21 submissions accepted at DeepSec 2013.

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.

1 Comment

Comments are closed.