16 October 2008

XSRF and me

Security is not my strong suit. But recent postings by Scott Gilbertson on clickjacking and by Jeff Atwood on strategies to counteract cross-site request forgeries (XSRF) caught my attention.

While there aren't any good countermeasures against clickjacking yet, there are practices you can follow to mitigate XSRF attacks. But doesn't ASP.NET take care of all that for me? Not really. Todd Miranda demonstrates, in a 20-minute video, how the exploit works against an ASP.NET site and shows some basic techniques to cope with it.
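To make the point concrete, here is the synchronizer-token pattern, the standard XSRF mitigation, modelled in plain Python. This is an added example, not code from this post or from Todd Miranda's video, and it stands in for any server stack, ASP.NET included: the session, the form, the cookie jar and the request bodies are all constructed here, with no web framework involved. The idea is that a cross-site attacker can make the victim's browser send a POST to your action URL (the browser attaches the session cookie on its own), but cannot read a secret that lives only in a page you served to the victim, so a handler that demands that secret back in the form body rejects the forged request.

```python
"""Synchronizer-token defence against XSRF, as a minimal stand-alone model.

Constructed example: there is no real web framework here. The 'server' is a
couple of functions, and the browser's cookie jar is simulated by passing the
Session object along with every request, exactly as a session cookie would be.
"""
from __future__ import annotations

import hmac
import secrets
from dataclasses import dataclass, field
from html import escape
from urllib.parse import parse_qs


@dataclass
class Session:
    """Server-side session state, looked up from the (simulated) session cookie."""
    user: str
    # One unguessable token per session; it never leaves the server except
    # embedded in pages served to this session's own browser.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_transfer_form(session: Session) -> str:
    """Server renders the form with the per-session token as a hidden field.

    A cross-site page can submit a form to this action URL, but the browser's
    same-origin policy stops it from reading this HTML, so it never sees the
    token and cannot include it in what it submits.
    """
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="__csrf" value="{escape(session.csrf_token)}">'
        '<input name="to"><input name="amount">'
        '<button>Transfer</button></form>'
    )


def handle_transfer_unprotected(session: Session, body: str) -> tuple[int, str]:
    """The vulnerable handler: trusts the session cookie alone, so any request
    the victim's browser can be tricked into sending is honoured."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    return 200, f"{session.user} sent {fields['amount']} to {fields['to']}"


def handle_transfer_protected(session: Session, body: str) -> tuple[int, str]:
    """The hardened handler: the token in the body must match the session's."""
    fields = {k: v[0] for k, v in parse_qs(body).items()}
    submitted = fields.get("__csrf", "")
    # Constant-time comparison, so response timing leaks nothing about the token.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403, "request rejected: missing or invalid anti-forgery token"
    return 200, f"{session.user} sent {fields['amount']} to {fields['to']}"


def forged_request_body() -> str:
    """What an attacker's page can make the victim's browser submit: any field
    values they choose, but not the token, which they have never seen."""
    return "to=attacker&amount=1000"


def legitimate_request_body(session: Session) -> str:
    """What the genuine form submits, token included."""
    return f"to=alice&amount=25&__csrf={session.csrf_token}"


def demo() -> dict:
    """Run the forged and legitimate requests against both handlers."""
    victim = Session(user="bob")
    html = render_transfer_form(victim)
    return {
        "form_has_token": victim.csrf_token in html,
        "unprotected_forged": handle_transfer_unprotected(victim, forged_request_body())[0],
        "protected_forged": handle_transfer_protected(victim, forged_request_body())[0],
        "protected_legit": handle_transfer_protected(victim, legitimate_request_body(victim))[0],
        # A token from the attacker's own session is useless against the victim's.
        "protected_other_users_token": handle_transfer_protected(
            victim, legitimate_request_body(Session(user="mallory")))[0],
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

Two details matter in practice. The token must be bound to the session (here, stored in it) rather than being a fixed site-wide value, otherwise an attacker simply logs in, reads their own token and replays it against other users; the last case in `demo()` checks exactly that. And the check only helps on the requests that change state, so it has to be applied to every POST handler, not just the ones you remember to decorate; that is the part no framework does for you by default, which is why "doesn't ASP.NET take care of it?" gets the answer it does.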
