AppSec USA 2017 has ended
Back To Schedule
Friday, September 22 • 1:30pm - 2:15pm
How to detect CSRF vulnerability, reliably?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

CSRF vulnerability is one among the OWASP top 10 and detection of this vulnerability in web applications has proved to be a difficult problem. Most dynamic application security testing tools provide the option of scanning for CSRF vulnerability, however their reports are often plagued with either false positives or false negatives making them quite unreliable. In this presentation we will analyze the general approach taken by the tools for CSRF vulnerability detection and identify the reasons behind their failures. Then we propose a new programmatic approach to scan for CSRF vulnerability that overcomes these shortcomings. We will demonstrate that this approach is not only simple and reliable but also can easily be integrated with automated testing for application security.

avatar for Umesh Salian

Umesh Salian

Umesh Salian is part of Cybersecurity Architecture team of Discover Financial Services, currently focused on automation of (Static and Dynamic) Application Security Testing in CI/CD pipeline. He has prior experience of 15 years as Java/J2EE developer before joining Cybersecurity about... Read More →

Friday September 22, 2017 1:30pm - 2:15pm EDT
Coronado K