BlackHat US 2013: Dissecting CSRF…

Here are the slides for my presentation at this year’s BlackHat US conference, Dissecting CSRF Attacks & Countermeasures. Thanks to everyone who came and to those who hung around afterwards to ask questions and discuss the content.

The major goal of this presentation was to propose a new way to leverage the concepts of Content Security Policy and Cross-Origin Resource Sharing to counter CSRF attacks. Essentially, we proposed a header that web apps could set to inform browsers when to include that app’s cookies during cross-origin requests. As always, slides alone don’t convey the nuances of the presentation. Stay tuned for a more thorough explanation of the concept.
