'Articles' Posts

Affiliate Programs Vulnerable to Cross-site Request Forgery Fraud

Intro The following describes a long-standing and common implementation flaw in online affiliate programs allowing for fraud. For those unfamiliar with affiliate programs, they provide a way for companies to allow 3rd parties/website owners to direct traffic to their site in exchange for a share of the profits of user purchases....

Posted by Robert on 08/04/2008 in Articles , CSRF , Defense , Rant , Research | Permalink | Comments (0) | Read more of this story...

Rich data: the dark side to Web 2.0 applications

"All web applications allow some form of rich data, but that rich data has become a key part of Web 2.0. Data is "rich" if it allows markup, special characters, images, formatting, and other complex syntax. This richness allows users create new and innovative content and services. Unfortunately, richness affords attackers...

Posted by Robert on 08/01/2008 in Articles , CSRF , Defense , XSS | Permalink | Comments (0) | Read more of this story...

Topics

Tags

Favorite Links

Translate

Recent Posts

Popular Pages

Sponsored Ads

The Web Security Mailing List (WASC)

Archives

'Articles' Posts

Affiliate Programs Vulnerable to Cross-site Request Forgery Fraud

Rich data: the dark side to Web 2.0 applications