Let’s Go CSRF’n Now! - grap3_ap3 Notacon 10 (Hacking Illustrated Series InfoSec Tutorial Videos)

Let’s Go CSRF’n Now!
grap3_ap3
Notacon 10

Synopsis

In a discussion focused on Cross Site Request Forgery (CSRF), explore the trust vulnerability and walk through a demonstration of the exploit in action. Understand how these attacks happen and what they look like from the perspective of both victim AND attacker.

Walk away with a grasp of the security implications of this weakness, as well as an understanding of why the attack is possible and what steps should be taken to prevent it. This session is a 45-minute demo followed by a 15-minute Q&A. It is an advanced technical session intended for technicians, engineers, and developers with an interest in web application security.

Bio
A vulnerability researcher, penetration tester, and social engineer, I am a professional breaker. A parent, biker, and security professional, I find my skillset constantly adapting to the most current techniques. A penetration tester and vulnerability researcher based in Columbus, Ohio, I have performed security assessments for clients ranging from financial institutions, e-commerce, telecommunications, manufacturing, education and government agencies, as well as international corporations. I focus on epitomizing the attackers in the wild in hopes of helping organizations and individuals understand how to avoid being victimized. My talks tend to be engaging, full of energy, and dynamic to meet the expectations of the audience.

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast