5 Dangerous Web Application Flaws Coveted By Attackers

Beware Of Cross-Site Request Forgery Errors

Cross-site request forgery accounted for 22 percent of all Web applications tested by Cenzic in 2012. The class of vulnerabilities that make up CSRF allows attackers to send pre-authenticated but unauthorized commands using credentials that the application trusts, according to Cenzic. Attackers can use a CSRF attack to "ride" the session of an individual on a particular website by using the victim's browser credentials. In addition to the browser, an attacker can use a malicious script in a Microsoft Office document or Flash file that exploits CSRF.

Get a roundup of CRN's security coverage right to your inbox with the Security Advisor newsletter.