Saturday, April 12, 2008

CSRF Solutions

The problem: CSRF.

Jeremiah Grossman's explanation of the problem at RSA 08:

OWASP CSRF Overview:

Testing for CSRF:

Java Filter for CSRF Protection:

Java ESAPI Defense:
org.owasp.esapi.HTTPUtilities.addCSRFToken(String href)

Platforms with built-in CSRF defense:

Monday, April 7, 2008

pwnd?

It's strange and disheartening to see "down" this evening. I hope it's only unscheduled maintenance. I would hate to see the pwnders get pwnd!

Another interesting note: uses WordPress? Ewwwwwwwwwwwwwwwwwww