Community Edition
Total Tests:
This Week:
Today:
Stay in Touch

Weekly newsletter on AI, Application Security & Cybercrime


Your data will stay confidential Private and Confidential

Security Blog
5 Common Web Security Mistakes That Cost Millions
November 14, 2019
State of Stolen Credentials in the Dark Web from Fortune 500 Companies
October 30, 2019
4 Reasons Why Your Company Should Use IT Security Software
October 24, 2019
What You Absolutely Need to Know about CNNs
September 17, 2019
State of Application Security at Top 100 Global Fintech Startups
August 20, 2019
News and press releases
Are You Ready for Black Friday?
November 22, 2019
ImmuniWeb New Offering Attains Record Growth on the Global Application Security Market
November 20, 2019
ImmuniWeb unveils Attack Surface Management augmented with Dark Web monitoring
November 6, 2019
ImmuniWeb’s Enhanced AI Boosts Its In-Depth Application Security Testing Offering
September 30, 2019
ImmuniWeb Discovery to Reduce Complexity and Costs of DevSecOps and Dark Web Monitoring
September 16, 2019
OWASP Top 10
OWASP’s #1 Web Application Risk - the Threat of and Solution to Web Application Injection Attacks
June 14, 2018
OWASP’s #2 Web Application Risk – the Threat of and Solution to Broken Authentication
June 21, 2018
OWASP’s #3 Web Application Risk – the Threat of and Solution to Sensitive Data Exposure
June 28, 2018
XML External Entities (XXE): the Threat of and Solution
July 5, 2018
OWASP Top 10: Broken Access Control, the risks and solutions
July 12, 2018
Security Misconfiguration, a conscious element of OWASP Top 10, the risks and solutions
July 19, 2018
XSS, a notable OWASP Top 10 old-timer, still brings up to $7,500 to researchers
July 26, 2018
Insecure Deserialization: OWASP Top 10 element of arduous exploitation but leading to system takeover
August 2, 2018
Components with Known Vulnerabilities - a major OWASP Top 10 Risk
August 21, 2018
Last but not least: OWASP Top Ten #10 - Insufficient Logging and Monitoring
August 14, 2018
Search Blog
#infosec #OWASP
#Risk Management #microservices
#Application Security #Cybersecurity #AI #DevSecOps

XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications

Wednesday, January 18, 2012 By Read Time: 4 min.

These days many people do not consider post-authentication vulnerabilities dangerous, such as Stored XSS in the administrator’s portion of a web application.


Author: Marsel Nizamutdinov, Head of Research & Development Department at High-Tech Bridge SA


These days many people do not consider post-authentication vulnerabilities dangerous, such as Stored XSS in the administrator’s portion of a web application.

This situation is probably aggravated by some misinformation websites and some self-proclaimed security experts, which try to deny disclosed vulnerabilities by posing them as a feature implemented by design. The problem is that they simply do not understand the exploitation’s vectors of these vulnerabilities and they consider them as benign, as long as they impact webpages which do not remain available to unauthenticated users.


Tags: CSRF XSS exploitation web applications
Previous Blog Posts:

Cybercrime in nowadays businesses: A real case study of targeted attack

Spying Internet Explorer 8.0


User Comments
Add Comment

This website uses cookies to provide you with a better surfing experience. To learn more, please visit our Privacy Policy. By continuing to use this website you consent to our use of cookies.

Ask a Question