Posts

Showing posts from September, 2018

CSRF: High-Tech Hypnotism

Image
[https://www.hobbyconsolas.com/noticias/simpson-lanzaran-episodio-escrito-hace-mas-20-anos-homer-cree-ser-nino-105672] Who are you CSRF? Cross-Site Request Forgery is known as CSRF in short. This is an attack that tricks an end-user to perform unintended tasks on a web application in which they are currently authenticated. The malicious tasks that the victim performs will be based on the attacker's interest. This is something similar to a hypnotist hypnotizing another individual to do something according to the hypnotist's wish. CSRF attacks are also known as Session Riding, XSRF, Sea Surf, and Hostile Linking. Microsoft name these types of attacks as "One-Click Attacks". What really happens in CSRF? CSRF attack is not something like stealing someone's session cookie and viewing their profile or updating their status and playing around with it. This attack is not about the data but rather changing the state and make the end-user do some malicious tas...

Encryption to take secure programming a step forward

Image
[http://blog.trendmicro.com/wp-content/uploads/2012/03/Cartoon-2.jpg] What is "Encryption"? Why is it associated with secure programming? What are the benefits of encryption? These are questions to be evaluated in this blog post along with some interesting facts about encryption. As we all know hashing is a one-way process in which the plain text/input cannot be retrieved from the hash value. What if we want to get the plain-text from the hash value? What could be the solution? The solution is Encryption . Encryption Encryption is a technique used to convert a plain text into an encoded format or cipher-text which could be reversed back to the original plain text. Unlike hashing, encryption is a two-way technique. Fig 1: The flow of encryption Fig 2: Encryption/Decryption related details for the Fig 1 Since encryption is a two-way process it allows the users to retrieve the encrypted value back to its original text. This is very useful in terms...