File:OTD2011-SK.pdf

Sherif Koussa - Analysis of Deadly Combination of XSS and CSRF

Analysis of Deadly Combination of XSS and CSRF - Flash back to April 11th, 2009, when a major attack targeted Twitter and led to a huge embarrassment for this famous social media network. This presentation will delve into the details of the attack: what happened, and how cross-site scripting (XSS) and cross-site request forgery (CSRF) played a major role. We will explore the inner workings of the real attack, including inspecting the actual malicious code used by the attacker. Attendees will gain an understanding of how malicious code exploits weaknesses and how to better secure their web applications against similar attacks.