Saturday, April 12, 2008

CSRF Solutions

The problem: CSRF.

Jeremiah Grossman's explanation of the problem at RSA 08:
http://www.slideshare.net/guestdb261a/csrfrsa2008jeremiahgrossman-349028/

OWASP CSRF Overview:
http://www.owasp.org/index.php/CSRF

Testing for CSRF:
http://www.owasp.org/index.php/CSRFTester

Java Filter for CSRF Protection:
http://www.owasp.org/index.php/CSRF_Guard

Java ESAPI Defense:
org.owasp.esapi.HTTPUtilities.addCSRFToken(String href)

Platforms with built-in CSRF defense:
Drupal.org
