CSRF Vulnerability: A 'Sleeping Giant'

If you think Cross Site Scripting (XSS) is scary and prolific, just wait for the next big Website threat: Cross Site Request Forgery (CSRF).

The CSRF vulnerability lies in most every Website, but it has remained mostly under the radar for nearly a decade -- it's not even included in the Web Security Threat Classification, OWASP Top 10 or Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) list.

But security researchers say it's only a matter of time before someone awakens the "sleeping giant" and does some major damage with it -- like wiping out a user's bank account or booking a flight on behalf of a user without his knowledge.

Dark Reading - Desktop Security - CSRF Vulnerability: A 'Sleeping Giant' - Security News Analysis

Linked by shanmuga Thursday, 19th October 2006 1:10AM