
Minneapolis 2015

Minneapolis, MN | Mon, Jul 20 - Sat, Jul 25, 2015

Complete Application Pw0nage Via Multi-Post Cross Site Request Forgery (XSRF)

  • Adrien de Beaupre
  • Tuesday, July 21st, 7:15pm - 8:15pm

This talk will discuss the risk posed by Cross Site Request Forgery (CSRF or XSRF), which is also known as session riding or transaction injection. Many applications are vulnerable to XSRF, mitigation is difficult because it often requires re-engineering the entire application, and the threat it poses is often misunderstood. The talk includes a live demo of identifying the vulnerability and exploiting it by performing multiple unauthorized transactions in a single POST.

Bonus Sessions

The following bonus sessions are open to all paid attendees at no additional cost. There are many different types of events that fall into these categories:

  • SANS@Night: Evening presentations given after day courses have ended. This category includes Keynotes.
  • Special Events: SANS-hosted events and other non-technical recreational offerings. This category includes, but is not limited to, Receptions and Information Tables.
  • Lunch & Learn: Short presentations given during the lunch break.

Additional Sessions

Session | Speaker | Type
Prevent - Detect - Respond | Will Tipton, Security Engineer, Infogressive | Lunch and Learn

Monday, July 20

Session | Speaker | Time | Type
General Session - Welcome to SANS | Keith Palmgren | Monday, July 20th, 8:15am - 8:45am | Special Events
Debunking the Complex Password Myth | Keith Palmgren | Monday, July 20th, 7:15pm - 9:15pm | Keynote

Tuesday, July 21

Session | Speaker | Time | Type
Complete Application Pw0nage Via Multi-Post Cross Site Request Forgery (XSRF) | Adrien de Beaupre | Tuesday, July 21st, 7:15pm - 8:15pm | SANS@Night
Card Fraud 101 | G. Mark Hardy | Tuesday, July 21st, 8:15pm - 9:15pm | SANS@Night

Wednesday, July 22

Session | Speaker | Time | Type
Filesystem Journal Forensics | David Cowen | Wednesday, July 22nd, 7:15pm - 8:15pm | SANS@Night
Threat Intelligence: Neighborhood Watch for your Networks | Matthew J. Harmon | Wednesday, July 22nd, 8:15pm - 9:15pm | SANS@Night

Thursday, July 23

Session | Speaker | Time | Type
The 14 Absolute Truths of Security | Keith Palmgren | Thursday, July 23rd, 7:15pm - 8:15pm | SANS@Night