Wednesday, July 11, 2007

Webinar: Cross-Site Request Forgery

For those interested in learning about Cross-Site Request Forgery (CSRF), WhiteHat is hosting a webinar on July 24, 2007 at 11:00 AM PDT. It covers the basics, the ins and outs, and solutions in straightforward terms. If you want to attend, registration is free. The description is below:

Cross-Site Request Forgery (CSRF). Session Riding. Client-Side Trojans. Confused Deputy. Web Trojans. Confused? Every year, for the past several years, the exact same Web attack is discovered, analyzed, and subsequently renamed. Whatever it's called, it all means the same thing: An attacker is forcing an unsuspecting user’s browser to compromise their own banking, eCommerce or other website accounts without the real user’s knowledge.

Attackers have begun to actively exploit CSRF vulnerabilities across the Web. Why now? Because it's incredibly easy and the vast majority of websites are vulnerable to it. How do you stop an attack originating from a “real user,” who appears to be properly logged in and making a legitimate request - except that they did not intend to make the request?

Jeremiah Grossman will:

- Define Cross-Site Request Forgery

- Provide live, technical demonstrations

- Offer solutions to this growing problem

- Present strategies for complete website vulnerability management


Anonymous said...

Jeremiah, will the Webcast be archived for folks not in a convenient time zone?

Jeremiah Grossman said...

Yes, I believe there will be a WebEx recording of the presentation. When it's up, I'll post the link.