[Owasp-leaders] Creating OWASP 4.0!

Dan Cornell dan at denimgroup.com
Mon Dec 13 23:54:59 EST 2010

(added a couple of individuals to this list to hopefully make sure everyone from both this email and the similar thread on "Creating OWASP 4.0" gets the email)

> 5 Protecting against CSRF                 ????????
>     * Hygiene
>        * Discuss/show Frames-busting, cross-domain policy,
>        * Discuss referrer and other red herrings
>     * Tokens (crafting, scoping, and checking)
>     * Discussions, techniques on scale
>     * Discussions, techniques on CAPTCHA, re-auth, etc.

I'd be happy to take this one on.  I'll need to make sure my facilitator duties would be compatible with other commitments during the Summit, but assuming that is the case I'd be happy to referee the discussion and help bang out some code.


