Showing posts from December, 2014

Cross Site Request Forgery in GitHub

As usual, I always try to blog about my "security findings". The main reasons are basically two: I think it is really good to share knowledge in this area. Sometimes I do use my blog posts as a place to store information that I can always access in the future. Unluckily, though, I am a really lazy blogger and sometimes I just do not blog :S The really good news is that the last vulnerability I found is in GitHub. I already blogged about how good and responsive the GitHub security team is. And I am now even more impressed by their efficiency. The reason why this is really good news is that in this case I can do both: 1) find a vulnerability 2) be lazy and not try to describe the vulnerability I found, because the GitHub team is already describing the vulnerability in their wall of fame :) Hurray.