
Cross Site Request Forgery Problem Summary Scott Malabarba, IBM






Presentation Transcript


  1. Cross Site Request Forgery Problem Summary
     Scott Malabarba, IBM

  2. What is CSRF / cross site request forgery?
     • A malicious browser script exploits the user's authenticated session to access the target application
     • Modify or destroy data with a form POST
     • Read confidential data. Browsers restrict but do not entirely prevent cross-site GET.
     • Other “flavors” such as login CSRF are less applicable to CMIS
     • (Very) basic demo...

  3. CSRF Defenses
     • Some common defenses are not feasible in the browser binding
       – e.g. requiring a custom header on form posts
     • Secret token: with each POST/GET, the client must submit a token that is known only to the client and the server
     • The token can be cryptographically signed and include specific information such as the target URL and the session ID

  4. How to transfer the token securely?
     • Some common methods do not apply in the CMIS use case
       – e.g. the server inserts the token directly into the generated form HTML
       – Too easy to work around the browser restriction on cross-site GET
     • Option 1: the token can safely be returned from an authentication call
       – The client can store the token in, e.g., a cookie
       – Problematic when SSO is enabled or the CMIS repository delegates authentication to a container
     • Option 2: IFRAME postMessage() technique
