The problem: CSRF.
Jeremiah Grossman's explanation of the problem at RSA 08 :
http://www.slideshare.net/guestdb261a/csrfrsa2008jeremiahgrossman-349028/
OWASP CSRF Overview:
http://www.owasp.org/index.php/CSRF
Testing for CSRF:
http://www.owasp.org/index.php/CSRFTester
Java Filter for CSRF Protection:
http://www.owasp.org/index.php/CSRF_Guard
Java ESAPI Defense:
org.owasp.esapi.HTTPUtilities.addCSRFToken(String href)
Plaform's with built-in CSRF defense:
Drupal.org
Saturday, April 12, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment