Google
Current archive: October 1, 2012
Cross Origin Request Forgery – Attacking HTTPS via HTTP MiTM Injection
Written on:October 1, 2012
Introduction There are several scenarios in which a web application may choose to deliver both HTTP and HTTPS content. It may employ per-page mixed content, it may use HTTP pre-auth and switch to HTTPS post-auth, or it may continually switch back and forth between HTTP and HTTPS depending on the sensitivity or criticality of the functions being performed by the user (i.e. browsing media content vs. making online purchases). For…
Read more...In category: Web Security
Tags:csrf , http injection , mitm , request forgery , session management , web security
Tags:csrf , http injection , mitm , request forgery , session management , web security
are closed