Thursday, September 20, 2007

CSRF handling and SunGard Banner

Paul Asadoorian from OSHEAN published a whitepaper on CSRF vulnerabilities in SunGard Banner, an ERP system commonly used in higher education. The whitepaper is a useful read for developers who work with Banner, but would also be useful background material for any programmer who works with authenticated web sessions. Very few applications that I've seen account for CSRF, and getting the techniques described in the paper implemented as part of your standard framework could save you a lot of pain in the future.
