[owasp-intrinsic-security] Fwd: FYI, Origin header in IETF HTTP WG

Seba seba at owasp.org
Tue Jan 27 03:16:07 EST 2009


Gents,

Thought you wanted to know this.
What can we propose as feedback to the IETF workgroup ?

regards

Seba

---------- Forwarded message ----------
From: Thomas Roessler <tlr at w3.org>
Date: Mon, Jan 26, 2009 at 9:04 AM
Subject: FYI, Origin header in IETF HTTP WG
To: Seba <seba at owasp.org>


Hi Seba,

a happy new year.

A quick heads-up that you might want to spread around OWASP: There's
an ongoing discussion about an Origin header (intended as a CSRF
defense) in the IETF HTTP Working Group:

 http://www.ietf.org/internet-drafts/draft-abarth-origin-00.txt
 http://lists.w3.org/Archives/Public/ietf-http-wg/2009JanMar/

I suspect OWASP folks might find this interesting.

Cheers,
--
Thomas Roessler, W3C  <tlr at w3.org>







On 24 Jan 2009, at 10:31, Seba wrote:

> Hi,
>
> We start the new year with a blast: 3 great topics on the same evening!
>
> * Best practices guide Web Application Firewalls by Alexander Meisel,
> Art of Defence
> * Research on Belgian bank trojan attacks by Richard Bennett, software engineer
> * Ongoing security research by pdp, GNUCITIZEN
>
> All details online at http://www.owasp.org/index.php/Belgium
>
> See you all on February 4th !
>
> Regards,
>
> Seba
> _______________________________________________
> Owasp-belgium mailing list
> Owasp-belgium at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-belgium
>


More information about the owasp-intrinsic-security mailing list