DEVIL'S BLOG ON SECURITY


A DEVIL'S BLOG ON COMPUTER AND INFORMATION SECURITY, ETHICAL HACKING AND COUNTERMEASURES




JSON XSRF Attacks Countermeasures



In our previous posts we discussed XSRF, its types, then JSON XSRF and the attack methodology. This is our last post on XSRF, and it covers preventive measures against JSON XSRF attacks. The following preventive measures can be taken against XSRF attacks.

  • First of all, the application must implement protections against all kinds of basic XSRF attacks.
  • Always use an unpredictable parameter for JSON objects.
  • As explained in previous posts, JSON XSRF attacks are possible because the application can send an XMLHttpRequest to retrieve JSON data, and the attack can retrieve that data only by using the GET method, so it is better to implement only the POST method as a countermeasure against JSON XSRF.
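
The last two measures can be combined in one server-side check. The following Node.js sketch is an added example, not code from the original post; the request shape, the session object and the x-xsrf-token header name are assumptions made for illustration.

```javascript
// Added example: guard for a JSON endpoint that applies the POST-only and
// unpredictable-parameter measures from the list above.
const crypto = require('node:crypto');

// Issue a per-session token (the "unpredictable parameter"): 32 random bytes.
function issueToken(session) {
  session.xsrfToken = crypto.randomBytes(32).toString('hex');
  return session.xsrfToken;
}

// Constant-time comparison, so the check does not leak how much of a guess matched.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Decide whether a request for JSON data may be served.
// `req` is a hypothetical minimal shape: { method, headers }.
function checkJsonRequest(req, session) {
  if (req.method !== 'POST') {
    return { status: 405, reason: 'JSON endpoint accepts POST only' };
  }
  if (!session || !session.xsrfToken) {
    return { status: 403, reason: 'no session token issued' };
  }
  if (!tokensMatch(session.xsrfToken, req.headers['x-xsrf-token'])) {
    return { status: 403, reason: 'missing or wrong XSRF token' };
  }
  return { status: 200, reason: 'ok' };
}

// Constructed sample requests, printed with the decision for each.
const session = {};
const token = issueToken(session);
const samples = [
  { method: 'GET', headers: {} },
  { method: 'POST', headers: {} },
  { method: 'POST', headers: { 'x-xsrf-token': 'f'.repeat(64) } },
  { method: 'POST', headers: { 'x-xsrf-token': token } },
];
for (const req of samples) {
  console.log(req.method, checkJsonRequest(req, session));
}
```

Only the last sample, a POST carrying the session's own token, is served; the GET is refused before the token is even looked at.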

I hope you enjoyed learning about XSRF. In our next post we will cover another topic in detail. If you have any problem understanding anything, or need to revise, please check out the Web Application Security page on this blog. For now we end XSRF here. Thanks for reading, have a nice time and keep visiting.

Power Of Portable Firefox Makes It Hacker Safe


JSON XSRF Attacks




In our last post on JSON XSRF attacks we saw some basics of XSRF attacks. In this section we will look at how to find and exploit a JSON vulnerability. As explained in the previous post, the JSON vulnerability exists when the JSON data transfer format is used instead of the standard XML data transfer format, which happens only in AJAX-based web applications, so the following are the steps to find out whether a site is vulnerable or not.

JSON XSRF Attacks



Welcome to another episode of Cross Site Request Forgery Attacks on DEVILS BLOG ON SECURITY. In this post we will discuss a little about JSON hacking. You might ask why we haven't covered JSON XSRF attacks along with the other XSRF attacks. This question is a little difficult to answer, but here's my explanation. All other XSRF attacks usually depend on session management attacks in one way or another; directly or indirectly, XSRF attacks can be called a derivative obtained by adding and integrating Session Management Attacks, Frame Injection Flaws and Cross Site Scripting, whereas the case is a little different for JSON XSRF attacks. Many professionals even object to the inclusion of the JSON attack as an XSRF attack, but we have nothing to do with that. So let's see how JSON XSRF attacks are different from other XSRF attacks.
