(Created page with "{{FeatureStatus |Feature name=Intranet CSRF Blocker |Feature stage=Draft |Feature health=OK }} {{FeatureTeam |Feature product manager=Brandon Sterne |Feature lead engineer=Steve ...") |
m (formatting links) |
| Line 16: | Line 16: | ||
For more background, see: | For more background, see: | ||
* [http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Grossman.pdf "Hacking Intranet Websites from the Outside"] | |||
* [http://www.blackhat.com/presentations/bh-usa-07/Grossman/Whitepaper/bh-usa-07-grossman-WP.pdf "Hacking Intranet Websites from the Outside (Take 2)"] | |||
"Hacking Intranet Websites from the Outside | * [http://www.symantec.com/avcenter/reference/Driveby_Pharming.pdf "Drive-By Pharming"] | ||
" | * [http://ha.ckers.org/blog/20080108/cross-site-printing/ "Cross site printing"] | ||
" | |||
|Feature non-goals=The reverse case, where a web page on a private network sends requests for non-private resources, is common and is not considered an attack case that we are trying to prevent. | |Feature non-goals=The reverse case, where a web page on a private network sends requests for non-private resources, is common and is not considered an attack case that we are trying to prevent. | ||
}} | }} | ||
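Review bot: The four bulleted links added under "For more background, see:" identify each reference by title only and point at third-party hosts over plain http. Add the author and year to each entry so the reference stays identifiable if the PDF or blog post moves, and switch to https wherever the host serves it. The two Black Hat entries differ only by the "(Take 2)" suffix, so the year would also make them easier to tell apart.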