
XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

Wednesday, January 18, 2012, by Marsel Nizamutdinov, Head of Research & Development Department at High-Tech Bridge SA


These days many people do not consider post-authentication vulnerabilities, such as stored XSS in the administrator's portion of a web application, to be dangerous.

This situation is probably aggravated by some misinformation websites and self-proclaimed security experts who try to dismiss disclosed vulnerabilities by presenting them as features implemented by design. The problem is that they simply do not understand the exploitation vectors of these vulnerabilities and consider them benign as long as they affect pages that are not accessible to unauthenticated users.
