File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Security and the fly likes How does OWASP tool detects CSRF issue in a website with no form data Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "How does OWASP tool detects CSRF issue in a website with no form data" Watch "How does OWASP tool detects CSRF issue in a website with no form data" New topic
Author

How does OWASP tool detects CSRF issue in a website with no form data

Sandeep Cm
Greenhorn

Joined: Sep 14, 2012
Posts: 1
Hi,

I was doing pen-test using OWASP tool on a website and it seems like although an XCRF token was added to the .action ajax call, the tool is detecting that website we built has Cross Site Request Forgery (CSRF) issue. I wanted to understand on how OWASP tool detects these issues? All issues related to CSRF are tested with where the website has form data but my website doesn't have any form data and uses only ajax calls still the tool is detecting issues related to CSRF.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: How does OWASP tool detects CSRF issue in a website with no form data
 
Similar Threads
Detecting Browser Dependant JavaScript Code
Detecting JRE
Detecting Crashes in JBoss 4.0.2
Detecting particular date on the website
Detecting multiple browser windows