[Owasp-csrfguard] CSRFGuard Documentation Updated!

eric sheridan eric.sheridan at owasp.org
Mon Dec 6 11:27:06 EST 2010


Team,

I've updated a significant amount of Wiki documentation around the OWASP
CSRFGuard project (
http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project). What I am
most interested in is your feedback regarding the direction of the v3
release. The current status is most evident by the user manual at
http://www.owasp.org/index.php/CSRFGuard_3_User_Manual.

Some highlights worthy of discussion:

1. No longer intercepting responses
2. Token injection happens via tag library and JavaScript
3. Implemented referrer and Ajax support via the X-Requested-With header.
4. Implemented pseudo-per-request token rotation (rotates once previous
token is used up).

-Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-csrfguard/attachments/20101206/edded14a/attachment.html 


More information about the Owasp-csrfguard mailing list