Note on Deemon CSRF Paper



Cross-Site Request Forgery (CSRF) - An attacker crafts a webpage that, when a victim opens it, causes actions to be performed on websites where the victim is logged in.

Common ways to mitigate:

Problem to be addressed

Automatically discover CSRF vulnerabilities inside PHP applications.


Which CSRF vulnerabilities are real vulnerabilities?

How can requests cause state changes?

How to scale?


Define $[U], C \to R$ (U = sequence of user actions, C = application container, R = report)

Generate user actions:

Gaining info on state transitions:

Reason with state transitions:

My thoughts