As you probably already know, CSRF attacks are only possible when the attacked web application has no additional mechanism to ensure that requests towards it are genuine. To provide one, the web developer must include a unique token with each request, which the server validates upon receiving that request. [...]
XSS Attacks – Cross Site Scripting Exploits and Defense is a book project that I was involved in, together with Jeremiah Grossman, Robert "RSnake" Hansen, Anton Rager and, last but not least, Seth Fogie, technical editor and co-author. I must say that the project was a lot of fun mixed with hard work and numerous sleepless nights. [...]
It is probably about time to announce that I am one of the authors of the upcoming XSS book that RSnake talked about a month ago on his blog. The complete list of authors is: Seth Fogie, Jeremiah Grossman, Robert Hansen, Anton Rager and Petko Petkov (a.k.a. me).
The book is going quite well and I hope that it will provide a good starting point for those who are interested in getting into client-side web security but don’t know much about it. [...]
Trust is a beautiful concept that rarely finds application in real life. Unfortunately, trust is all we’ve got when dealing with computers: username, password, "master, I am here to serve you"; neither semantics nor pragmatics. The browser security model is largely based on trust. The browser trusts the websites that you trust. It relies on our judgment, which is wrong most of the time. [...]
In my previous posts I mentioned that in order to compromise a LAN device from the Internet, the attacker needs to exploit an XSS vulnerability in the device firmware. The limitations of this kind of attack are quite obvious. Let’s have a look at the exploitation process again.
First of all, the local LAN needs to be explored for live hosts, and then each host needs to be scanned against a URL signature database in order to detect the firmware type and version. [...]
Since there is a growing interest in XSS (Cross-site Scripting) attacks, I will try to explain in theory how border routers/gateways can be trivially compromised over the web. For this to work, three prerequisites need to be met: a page that is controlled by the attacker, let’s call it evil.com; a router vulnerable to XSS; and a user visiting evil.com.