Security Now 166

From The Official TWiT Wiki

Security Now 166 :Cross Site Request Forgery

News & Errata

Cross Site Request Forgery

30:00 -

The mechanism for sending data back to a server is an awkward extension of the mechanism for making a request.
There are two types of requests:

  • GET: the URL is followed by a ? and any data you want to pass back, encoded as parameters
  • POST: the data is not tacked onto the end of the URL but sent as individual lines in the body of the request, after the headers

  • When you send data to the server, your submission is authenticated by the cookies your browser attaches to it

  • Imagine visiting a malicious website or opening a malicious email
  • It contains an image reference, and your browser automatically issues a GET request for the image
  • The URL in the image tag need not be an image URL at all: it could be a GET request to buy a product from Amazon
  • Your browser will automatically send your Amazon cookie, representing your currently logged-on session, along with that request
  • Any site you visit can ask your browser to GET or POST things from any other site

To Solve:

  • Only accept requests that contain information an attacker cannot know; a request carrying nothing but the cookie is not enough
  • E.g. when the real web page shows the form, have it contain a hidden random encrypted string that is returned with the submitted data; an attacker's page has no way to generate that string, so its forged request is rejected
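The defence described above, as an added example that is not code from the episode or from TWiT: a random per-session token (assumed here instead of an encrypted string) is embedded in the real form as a hidden field, and the buy handler rejects any request whose token does not match the session's, even when the session cookie is present. The session store and the /buy handler are constructed stand-ins.

```python
import hmac
import secrets
from html import escape

# Constructed in-memory session store, keyed by the session cookie value.
SESSIONS: dict[str, dict] = {}


def new_session() -> str:
    """Create a logged-in session and return its cookie value."""
    sid = secrets.token_urlsafe(16)
    # The CSRF token is unguessable and bound to this session only.
    SESSIONS[sid] = {"user": "alice", "csrf": secrets.token_urlsafe(32)}
    return sid


def render_order_form(session_id: str) -> str:
    """Render the real site's form with the hidden token the attacker cannot know."""
    token = SESSIONS[session_id]["csrf"]
    return (
        '<form method="POST" action="/buy">'
        f'<input type="hidden" name="csrf_token" value="{escape(token)}">'
        '<input type="hidden" name="item" value="book">'
        '<button>Buy</button></form>'
    )


def handle_buy(cookies: dict, form: dict) -> tuple[int, str]:
    """POST /buy handler: the cookie proves the session, the token proves the form came from us."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    supplied = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be leaked through timing.
    if not hmac.compare_digest(supplied, session["csrf"]):
        return 403, "missing or bad CSRF token"
    return 200, f"{session['user']} bought {form.get('item')}"


def extract_token(html: str) -> str:
    """Pull the hidden token out of the rendered form, as the browser would on submit."""
    marker = 'name="csrf_token" value="'
    start = html.index(marker) + len(marker)
    return html[start:html.index('"', start)]
```

A forged request from another site arrives with the session cookie but without the token, so it gets a 403; only a submission of the form the real site rendered succeeds.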
