[Owasp-csrfprotector] protection for GET requests

Jim Manico jim.manico at owasp.org
Sun May 25 22:25:57 UTC 2014


What if we keep a list of specific URLs for which the developer wants to check
for CSRF validation in GET requests? This would create no false positives or
false negatives, as GET requests to only certain URLs can be vulnerable. If
the developer can identify these, we can map every host URL in a request with
the list the developer has maintained and provide validation for those only.
But this will complicate the logic to a certain extent, but we can implement
this!


Great idea, I like it.
- Jim



Minhaz,
minhaz.cistoner.org || cistoner.org
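
The per-URL list proposed in the message above, as an added sketch that is not part of the thread and not CSRFProtector's own code. The function names, the `/*` prefix syntax, and the sample paths are assumptions made for illustration; the point it shows is that the request path has to be canonicalised before matching, otherwise the list itself produces false negatives.

```php
<?php
// Added illustration; all names here are hypothetical, not CSRFProtector's API.
// Developer-maintained list of state-changing GET endpoints (constructed sample, lowercase).
const PROTECTED_GET_PATHS = ['/account/delete', '/admin/*'];

// Canonicalise the request path so "/Account/Delete/?id=7" or "/x/../admin/users"
// cannot slip past the list. Returns null when the URI cannot be parsed.
function normalizePath(string $requestUri): ?string
{
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return null;
    }
    $out = [];
    foreach (explode('/', rawurldecode($path)) as $seg) {
        if ($seg === '' || $seg === '.') { continue; }
        if ($seg === '..') { array_pop($out); continue; }
        $out[] = strtolower($seg); // case-folding can only over-match, which is the safe side
    }
    return '/' . implode('/', $out);
}

function getNeedsCsrfCheck(string $requestUri, array $patterns): bool
{
    $path = normalizePath($requestUri);
    if ($path === null) {
        return true; // fail closed on unparseable URIs
    }
    foreach ($patterns as $p) {
        $prefix = substr($p, -2) === '/*' ? substr($p, 0, -2) : null;
        if ($path === $p || ($prefix !== null && ($path === $prefix || strpos($path, $prefix . '/') === 0))) {
            return true;
        }
    }
    return false;
}

// Assumption: non-GET methods are always validated; only unlisted GETs skip the check.
function validateRequest(string $method, string $uri, ?string $sent, string $sessionToken, array $patterns): bool
{
    if ($method === 'GET' && !getNeedsCsrfCheck($uri, $patterns)) {
        return true;
    }
    return is_string($sent) && hash_equals($sessionToken, $sent); // constant-time compare
}

$token = bin2hex(random_bytes(16)); // stands in for the per-session token
foreach ([['/index.php?page=2', null], ['/Account/Delete/?id=7', null], ['/x/../admin/users', $token]] as [$uri, $sent]) {
    printf("%-24s %s\n", $uri, validateRequest('GET', $uri, $sent, $token, PROTECTED_GET_PATHS) ? 'allow' : 'reject');
}
```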
