Note on Deemon CSRF Paper

Review, Security


Background

Cross-Site Request Forgery (CSRF) - An attacker uses a crafted webpage that, when a victim opens it, causes actions to be performed on the victim's behalf on websites where the victim is logged in.

Common ways to mitigate:

Problem to be addressed

Automatically discover CSRF vulnerabilities in PHP applications.

Challenges

Which CSRF vulnerabilities are real vulnerabilities?

How can requests cause state changes?

How to scale?

Solution

Define $[U], C \to R$ (U = sequence of user actions, C = application container, R = report)

Generate user actions:

Gaining info on state transitions:

Reason with state transitions:

My thoughts