[Owasp-leaders] Creating OWASP 4.0!

Eric Sheridan eric.sheridan at owasp.org
Tue Dec 14 09:09:27 EST 2010


Dan,

I'd be happy to assist/lead in the Protecting Against CSRF session. As owner of CSRFGuard, I will be able to provide some useful discussion points including real world integration challenges. 

-Eric

On Dec 13, 2010, at 11:54 PM, Dan Cornell <dan at denimgroup.com> wrote:

> (added a couple of individuals to this list to hopefully make sure everyone from both this email and the similar thread on "Creating OWASP 4.0" gets the email)
> 
> 
>> 5 Protecting against CSRF                 ????????
>>   * Hygiene
>>      * Discuss/show Frames-busting, cross-domain policy,
>>      * Discuss referrer and other red herrings
>>   * Tokens (crafting, scoping, and checking)
>>   * Discussions, techniques on scale
>>   * Discussions, techniques on CAPTCHA, re-auth, etc.
>> 
> 
> 
> I'd be happy to take this one on.  I'll need to make sure my facilitator duties would be compatible with other commitments during the Summit, but assuming that is the case I'd be happy to referee the discussion and help bang out some code.
> 
> Thanks,
> 
> Dan
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders



More information about the OWASP-Leaders mailing list