Thursday, July 21, 2005

Session Riding (PDF)

Not sure if I've blogged this before or not.
In this paper we describe an issue that was raised in 2001 under the name of Cross-Site Request Forgeries (CSRF) [1]. It seems, though, that it has been neglected by the software development and Web Application Security community