Cross-Site Request Forgery (CSRF) Presentation

Cross-Site Request Forgery (CSRF). Session Riding. Client-Side Trojans. Confused Deputy. Web Trojans. Confused? Every year, for the past several years, the exact same Web attack is discovered, analyzed, and subsequently renamed. Whatever it’s called, it all means the same thing: An attacker is forcing an unsuspecting user’s browser to compromise their own banking, eCommerce or other website accounts without the real user’s knowledge.

Attackers have begun to actively exploit CSRF vulnerabilities across the Web. Why now? Because it’s incredibly easy and the vast majority of websites are vulnerable to it. How do you stop an attack originating from a “real user,” who appears to be properly logged-in, and making a legitimate request – except that they did not intend to make the request?

Hear WhiteHat Security founder and CTO, Jeremiah Grossman present “Cross-Site Request Forgery: The Sleeping Giant” in a “live” technical webinar on Tuesday, July 24, 2007 at 11:00 AM PDT (2:00 PM EDT).

Jeremiah Grossman will:
– Define Cross-Site Request Forgery
– Provide live, technical demonstrations
– Offer solutions to this growing problem
– Present strategies for complete website vulnerability management

Complete a brief online registration form or paste the following link into your browser’s address bar, https://whitehatsec.market2lead.com/go/whitehatsec/CSRF072407. WhiteHat will send you a confirmation email with the URL and appropriate credentials to participate.

Mr. Grossman is a world-renowned expert in Web security, co-founder of the Web Application Security Consortium, and was recently named to InfoWorld’s Top 25 CTOs for 2007. He has authored dozens of articles and white papers, is credited with the discovery of many cutting-edge attack and defensive techniques, and is co-author of the recently published book, Cross-Site Scripting Attacks. Mr. Grossman is frequently quoted in business and technology publications such as InfoWorld, USA Today, PC World, Dark Reading, SC Magazine, SecurityFocus, CNET, CSO Magazine, and InformationWeek.
