Other Approaches To CSRF
While CSRF is typically described as a static attack (a fixed forged request embedded in a page the victim visits), it can also be constructed dynamically: as part of the payload of a cross-site scripting attack, as the Samy worm demonstrated, or built on the fly from session information leaked through off-site content and delivered to the target as a malicious URL. A CSRF token can also be planted in the victim's client by the attacker through session fixation or another vulnerability, so that the token the server later checks is one the attacker already knows, or it can be guessed by brute force from a malicious page that issues thousands of failing requests until one is accepted. This attack class, "Dynamic CSRF", in which the forgery is a per-client payload tailored to a specific session, was described by Nathan Hamiel and Shawn Moyer at the 2009 BlackHat Briefings, though the taxonomy has yet to gain wider adoption.
A new vector for composing dynamic CSRF attacks was presented by Oren Ofer at a local OWASP chapter meeting in January 2012 under the title "AJAX Hammer - Dynamic CSRF".