Cross reference research paper

Additionally, while typically described as a static type of attack, CSRF can also be dynamically constructed as part of a payload for a cross-site scripting attack, as demonstrated by the Samy worm, or constructed on the fly from session information leaked via offsite content and sent to a target as a malicious URL. CSRF tokens could also be sent to a client by an attacker due to session fixation or other vulnerabilities, or guessed via a brute-force attack, rendered on a malicious page that generates thousands of failed requests. The attack class of "Dynamic CSRF", or using a per-client payload for session-specific forgery, was described [13] in 2009 by Nathan Hamiel and Shawn Moyer at the BlackHat Briefings, [14] though the taxonomy has yet to gain wider adoption.

Cross reference research paper

cross reference research paper

Media:

cross reference research papercross reference research papercross reference research papercross reference research paper