Anti-CSRF Defense: HTTP_Referer Check, A Common Mistake

Simply validating the hostname in the HTTP Referer header, a widely deployed quick anti-CSRF defense, is easily bypassed if the check is not done correctly.
