[Owasp-leaders] PHP CSRF Guard

Abbas Naderi Afooshteh abbas.naderi at owasp.org
Tue Jul 10 01:55:39 UTC 2012


Hi leaders,
There was a page on the wiki
https://www.owasp.org/index.php/PHP_CSRF_Guard
That pointed to a Java codebase for CSRF protection by some guy. I contacted the guy and asked him why Java for PHP guard, and he said someone at OWASP had setup that wiki page mistakenly.

So I edited the page and added some PHP code to do the same functionality,
would really appreciate it if you took a peek on it and provided any feedback.

I'm going to add it to PHP Security Cheat Sheet when it matures, under CSRF Cheat Sheet.

Regards
-Abbas
______________________________________________________________
Notice: This message is digitally signed, this means that its source and integrity are verifiable.
Certain mail clients would automatically verify this email and present a "signed and sealed" sign, but others might just provide  a downloadable file (smime.p7s), which includes the X.509 certificate and the signature body.
In this case, you can either ignore it or manually verify it. Read more on this at Certified E-Mail with Comodo and Thunderbird at AbiusX.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120710/702fb67a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4889 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120710/702fb67a/attachment.bin>


More information about the OWASP-Leaders mailing list