| Penetrate testing is a way to prove that the defense programs of web sever are running as expected. In the penetrate testers usually using three steps to finish the test. The three steps is collecting information, scanning the web server using network scanner and prove the vulnerability was real.CSRF(Cross-site request forgery), cross-site request forgery is a way of malicious application to a Web site. The attacker who wants to use CSRF usually tries to trick the victim to click some special url code. In this ways can the attacker does some operation on the web server though victim. But the victim will never be conscious of it.In this article, the writer tries to test ways to prove CSRF in a Penetrate testing. By learning why CSRF appears and how to prevent, the writer tries to improve his test plan and test a simple to find out whether the web server has the risk of CSRF. |
PDF Full Text Request