Tricks for Bypassing CSRF Protection
Cross-Site Request Forgery (CSRF) vulnerabilities are classics of AppSec. Today it is hard to find an application that has no protective measures against CSRF at all. The reality, however, is that web applications, browsers, and the environments in which applications are deployed often allow those measures to be bypassed and CSRF to be exploited. Security auditors frequently pay little attention to this, so CSRF vulnerabilities are still found after audits. In this paper, Mikhail describes approaches to bypassing CSRF protection in different contexts. He will also present a Burp plug-in that automates scanning for the vulnerability.