[Owasp-leaders] CSRF Cheating

Jim Manico jim.manico at owasp.org
Sat Jan 26 02:49:50 UTC 2013


Hello folks,

I'd like to see the current CSRF Prevention cheat sheet reviewed and revamped. I think it needs a bit more brevity and some technical cleanup.

Does anyone here with expertise in CSRF defense care to take this on?

I think we want to discuss the tradeoff between token synchronizer, token synchronizer per request, and double-submit cookie. We should also discuss re-authentication here.

Ideally, someone who understands deeply how the different frameworks handle CSRF would be helpful.

Any takers?

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

Aloha,
Jim Manico
@Manicode
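To ground the tradeoff the message asks the cheat sheet to cover, here is an added example (not part of the original post and not from the OWASP cheat sheet) that implements all three defenses side by side in Python: a per-session synchronizer token, a per-request (single-use) synchronizer token, and the stateless double-submit cookie. `Session`, `handle_post` and the constructed request dictionaries are assumptions made for the illustration; in a real application the session store and cookie handling would come from the framework.

```python
import hmac
import secrets

# Hypothetical in-memory session object standing in for a framework's session store.
class Session:
    def __init__(self, session_id: str):
        self.session_id = session_id
        self.csrf_token = None          # per-session synchronizer token
        self.outstanding_tokens = set() # per-request tokens not yet consumed

def _safe_equal(expected, submitted) -> bool:
    # compare_digest needs two ASCII str (or two bytes); reject anything else up front
    if not isinstance(expected, str) or not isinstance(submitted, str):
        return False
    if not expected.isascii() or not submitted.isascii():
        return False
    return hmac.compare_digest(expected, submitted)

# --- 1. Synchronizer token, one per session (server-side state, token reused across forms) ---
def issue_session_token(session: Session) -> str:
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token

def verify_session_token(session: Session, submitted) -> bool:
    return _safe_equal(session.csrf_token, submitted)

# --- 2. Synchronizer token per request (fresh token per form render, single use) ---
def issue_request_token(session: Session) -> str:
    token = secrets.token_urlsafe(32)
    session.outstanding_tokens.add(token)
    return token

def verify_request_token(session: Session, submitted) -> bool:
    # constant-time scan over outstanding tokens; the matching token is consumed
    for token in list(session.outstanding_tokens):
        if _safe_equal(token, submitted):
            session.outstanding_tokens.discard(token)
            return True
    return False

# --- 3. Double-submit cookie (no server-side state; cookie value must be echoed in the request) ---
def issue_double_submit_cookie() -> str:
    # the server sets this as a cookie; page script copies it into a header or hidden field
    return secrets.token_urlsafe(32)

def verify_double_submit(cookie_value, submitted) -> bool:
    if not cookie_value or not submitted:
        return False
    return _safe_equal(cookie_value, submitted)

# Hypothetical request handler: `request` is a constructed dict with "form" and "cookies".
def handle_post(session: Session, request: dict, mode: str) -> str:
    form = request.get("form", {})
    cookies = request.get("cookies", {})
    if mode == "session":
        ok = verify_session_token(session, form.get("csrf_token"))
    elif mode == "per_request":
        ok = verify_request_token(session, form.get("csrf_token"))
    elif mode == "double_submit":
        ok = verify_double_submit(cookies.get("csrf"), form.get("csrf_token"))
    else:
        raise ValueError("unknown CSRF mode: %s" % mode)
    return "accepted" if ok else "rejected"

if __name__ == "__main__":
    s = Session("constructed-session-id")
    legit = {"form": {"csrf_token": issue_session_token(s)}, "cookies": {}}
    # A cross-site form post carries the victim's cookies but cannot read the token, so it has none.
    forged = {"form": {"action": "transfer"}, "cookies": {}}
    print("legitimate:", handle_post(s, legit, "session"))
    print("forged:    ", handle_post(s, forged, "session"))
```

The design choices map onto the tradeoff named in the message: the per-session token is cheap but lives for the whole session; the per-request token limits a leaked token to a single use at the cost of server-side bookkeeping and friction with the back button and multiple open tabs; the double-submit cookie needs no server state but relies on the attacker being unable to set cookies for the site's domain (for example from a sibling subdomain) and on the cookie being scoped and flagged appropriately.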

