Tuesday, July 25, 2006

Forging HTTP request headers with Flash

Amit Klein, a top webappsec expert, published "Forging HTTP request headers with Flash". Essentially, Amit found a way to use Flash to force a user's browser to send HTTP requests to any location and alter the Referer header in the process. This discovery has wide-ranging implications for web application security, not the least of which is the impact on the ability to do anti-CSRF using Referers. In an odd coincidence, I was working on a solution to do easy anti-CSRF using ModSecurity (which Amit had prior knowledge of), based on using Referers. It was set to be released through WASC. I know what you're thinking: "don't ever ever ever trust the client". But I felt there could be an exception in this case and had the proof to back it up. Amit, being the nice guy that he is, let me know what he was working on ahead of time. So the article I had planned is being mothballed. Every week there is something new.
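To make the point concrete, here is an added example (my own illustration, not code from the post, from Amit's paper, or from the mothballed ModSecurity rules) that puts a Referer-only CSRF check next to a server-secret token check and runs both over constructed requests; the host name, secret and session id are made up, and the token approach is the standard contrast added here, not something the post proposes.

```python
# Added example: a Referer-based anti-CSRF check stops working once the
# client can set the Referer; a secret the server holds does not have
# that problem. All requests, hosts and secrets below are constructed.
import hmac
import hashlib
from urllib.parse import urlsplit

SITE_HOST = "bank.example"                 # assumed protected site
SERVER_KEY = b"constructed-server-secret"  # never sent to the client


def referer_check(headers: dict) -> bool:
    """Referer-only check: accept a state-changing request only if the
    Referer header names our own host. Missing Referer is rejected."""
    referer = headers.get("Referer")
    if not referer:
        return False
    return urlsplit(referer).hostname == SITE_HOST


def issue_token(session_id: str) -> str:
    """Per-session token derived from a server-side secret. The client
    can echo it back but cannot compute it for a session it doesn't own."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id: str, form_fields: dict) -> bool:
    expected = issue_token(session_id)
    supplied = form_fields.get("csrf_token", "")
    return hmac.compare_digest(expected, supplied)


# Constructed requests as the server would see them.
SESSION = "sess-42"
LEGIT = {"headers": {"Referer": "https://bank.example/transfer"},
         "form": {"csrf_token": issue_token(SESSION)}}
# Cross-site request from a third-party page: the Referer gives it away.
CROSS_SITE = {"headers": {"Referer": "https://evil.example/page"},
              "form": {}}
# Same cross-site request with the Referer rewritten to look local, which
# is the situation the Flash finding creates. The Referer check passes;
# the token check still fails because the attacker has no valid token.
FORGED = {"headers": {"Referer": "https://bank.example/transfer"},
          "form": {}}


def evaluate(req: dict) -> dict:
    """Return the verdict of each check for one constructed request."""
    return {"referer": referer_check(req["headers"]),
            "token": token_check(SESSION, req["form"])}
```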

