[Owasp-leaders] Creating OWASP 4.0!
eric.sheridan at owasp.org
Tue Dec 14 09:09:27 EST 2010
I'd be happy to assist/lead in the Protecting Against CSRF session. As owner of CSRFGuard, I will be able to provide some useful discussion points, including real-world integration challenges.
On Dec 13, 2010, at 11:54 PM, Dan Cornell <dan at denimgroup.com> wrote:
> (added a couple of individuals to this list to hopefully make sure everyone from both this email and the similar thread on "Creating OWASP 4.0" gets the email)
>> 5 Protecting against CSRF ????????
>> * Hygiene
>> * Discuss/show Frames-busting, cross-domain policy,
>> * Discuss referrer and other red herrings
>> * Tokens (crafting, scoping, and checking)
>> * Discussions, techniques on scale
>> * Discussions, techniques on CAPTCHA, re-auth, etc.
> I'd be happy to take this one on. I'll need to make sure my facilitator duties would be compatible with other commitments during the Summit, but assuming that is the case I'd be happy to referee the discussion and help bang out some code.