Abstract
In general, the majority of vulnerability detection techniques depend on fairly simple injections of strings and subsequent blind pattern matching of the body of the induced HTTP response.These vulnerabilities include, but are not limited to, XSS, SQL Injection, File Inclusion which require no awareness of context but straightforward brute-force.However,there are types of vulnerabilities like Blind SQL Injection and Cross-Site Request Forgery (CSRF or XSRF) that do require a certain awareness of the context under which the audit and discovery occurs. In the case of CSRF even this is not enough as CSRF, due to its abstract nature, covers a great range of scenarios, most of them completely benign.Thus, automated CSRF detection traditionally creates a great deal of noise.This paper is aimed towards demonstrating a fairly simple technique, dubbed “4-pass rDiff CSRF detection”, in order to diminish such noise by easing the process of context establishment, i.e. allow Web Application Security Scanners to determine which HTML Form elements are worthy of being reported as vulnerable to CSRF.
Download PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Automated detection of CSRF-worthy HTML forms through 4-pass reverse-Diff analysis”
Leave a reply