Confused Deputy 2015
News about a very old vulnerability: Cross-Site Request Forgery
An article on Cross-Site Request Forgery appeared in PHP Magazin 4.2015: what is there new to report about this already very old vulnerability?
Links
- [1] Norm Hardy: "The Confused Deputy"
- [2] Peter Watkins; Bugtraq mailing list: "Cross-Site Request Forgeries (Re: The Dangers of Allowing Users to Post Images)"
- [3] CSRF Files - Packet Storm
- [4] Dylan Saccomanni; Breaking Bits: "GoDaddy CSRF Vulnerability Allows Domain Takeover"
- [5] Carsten Eilers: "Cross-Site Scripting im Überblick, Teil 3: Der MySpace-Wurm Samy"
- [6] Ahamed Nafeez; Black Hat Asia 2014: "JS Suicide: Using JavaScript Security Features to Kill JS Security"
- [7] OWASP CSRFGuard Project
- [8] OWASP CSRFGuard 3.1.0 on GitHub: Last News
- [9] Rich Lundeen; Black Hat Europe 2013: "The Deputies Are Still Confused"
- [10] Rich Lundeen; WebstersProdigy: "The Deputies are Still Confused (Full talk and content from Blackhat EU)"
- [11] Carsten Eilers: "Websecurity: Cookie Tossing"
- [12] Mario Heiderich, Marcus Niemietz, Felix Schuster, Thorsten Holz, Jörg Schwenk; 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, October 2012: "Scriptless Attacks: Stealing the pie without touching the sill"
- [13] Mike Shema, Sergey Shekyan, Vaagn Toukharian; Black Hat USA 2013: "Dissecting CSRF Attacks & Countermeasures"
- [14] Mike Shema; Deadliest Web Attacks: "BlackHat US 2013: Dissecting CSRF..."
- [15] Carsten Eilers: "Kommentare zu Java, SQL Slammer und GitHub-Geheimnissen"
- [16] Carsten Eilers: "Schutzmaßnahmen: Content Security Policy gegen XSS, Teil 1" and following parts
- [17] Mike Shema; Deadliest Web Attacks: "...And They Have a Plan"
- [18] Mike Shema: mutantzombie/SessionOriginSecurity on GitHub
- [19] Mike Shema; W3C Webappsec mailing list: "Proposed CSRF countermeasure"
- [20] Shreeraj Shah; Black Hat USA 2012: "HTML5 Top 10 Threats – Stealth Attacks and Silent Exploits"
- [21] David Mortman; Black Hat USA 2012: "The Defense RESTs: Automation and APIs for Improving Security"
- [22] Ajit Hatti; Black Hat Europe 2013: "Lets Play - Applanting"
- [23] Deral Heiland; Black Hat Europe 2013: "Practical Exploitation Using A Malicious Service Set Identifier (SSID)"
- [24] Jeremiah Grossman, Matt Johansen; Black Hat USA 2013: "Million Browser Botnet"
- [25] Angelo Prado, Neal Harris, Yoel Gluck; Black Hat USA 2013: "SSL, gone in 30 seconds - a BREACH beyond CRIME"
- [26] Carsten Eilers: "SSL/TLS - Stand der Dinge"