[Owasp-leaders] OWASP CSRF Proxy

Abbas Naderi abbas.naderi at owasp.org
Tue Apr 2 15:02:55 UTC 2013


Hey fellow OWASPians,
Take a look at this paper by professor Sekar:

http://seclab.cs.sunysb.edu/seclab/pubs/acsac11.pdf

It proposes a nice method for CSRF protection of POST (and possibly PUT and DELETE) requests which works transparently and on AJAX requests.
Please gimme feedback as to whether or not I should make an OWASP tool out of this.
-Abbas
______________________________________________________________
Notice: This message is digitally signed, its source and integrity are verifiable.
If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com
