[owasp-intrinsic-security] Fwd: FYI, Origin header in IETF HTTP WG

Seba seba at owasp.org
Tue Jan 27 03:16:07 EST 2009


Thought you wanted to know this.
What can we propose as feedback to the IETF workgroup ?



---------- Forwarded message ----------
From: Thomas Roessler <tlr at w3.org>
Date: Mon, Jan 26, 2009 at 9:04 AM
Subject: FYI, Origin header in IETF HTTP WG
To: Seba <seba at owasp.org>

Hi Seba,

a happy new year.

A quick heads-up that you might want to spread around OWASP: There's
an ongoing discussion about an Origin header (intended as a CSRF
defense) in the IETF HTTP Working Group:


I suspect OWASP folks might find this interesting.

Thomas Roessler, W3C  <tlr at w3.org>

On 24 Jan 2009, at 10:31, Seba wrote:

> Hi,
> We start the new year with a blast: 3 great topics on the same evening!
> * Best practices guide Web Application Firewalls by Alexander Meisel,
> Art of Defence
> * Research on Belgian bank trojan attacks by Richard Bennett, software engineer
> * Ongoing security research by pdp, GNUCITIZEN
> All details online at http://www.owasp.org/index.php/Belgium
> See you all on February 4th !
> Regards,
> Seba
> _______________________________________________
> Owasp-belgium mailing list
> Owasp-belgium at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-belgium

More information about the owasp-intrinsic-security mailing list