[Owasp-leaders] CSRF Cheating

Jim Manico jim.manico at owasp.org
Sat Jan 26 02:49:50 UTC 2013

Hello folks,

I'd like to see the current CSRF Prevention cheat sheet reviewed and revamped. I think it needs a bit more brevity and some technical cleanup.

Does anyone here with expertise in CSRF defense care to take this on?

I think we want to discuss the tradeoff between token synchronizer, token synchronizer per request, and double-submit cookie. We should also discuss re-authentication here.

Ideally, someone who understands deeply how the different frameworks handle CSRF would be helpful.

Any takers?


Jim Manico
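The three defenses named in the message, as an added example that is not part of the original post or of the OWASP cheat sheet: a session-scoped synchronizer token, a single-use per-request synchronizer token, and a stateless double-submit cookie, each with its verification step. The `Session` class, the in-memory token store and the server key are assumptions made for illustration; a real application would keep the first two in its session store and the key in configuration.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class Session:
    """Minimal stand-in for a server-side session (assumed for the example)."""
    sid: str
    csrf_token: Optional[str] = None              # synchronizer token, one per session
    request_tokens: Set[str] = field(default_factory=set)  # per-request tokens, single use


# --- 1. Synchronizer token, one per session -------------------------------
def issue_session_token(session: Session) -> str:
    """Generate the token once and reuse it for every form in the session."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def verify_session_token(session: Session, submitted: Optional[str]) -> bool:
    """Compare the form field against the session copy in constant time."""
    if session.csrf_token is None or not submitted:
        return False
    return hmac.compare_digest(session.csrf_token, submitted)


# --- 2. Synchronizer token, one per request -------------------------------
def issue_request_token(session: Session) -> str:
    """Mint a fresh token for each rendered form; the server must remember it."""
    token = secrets.token_urlsafe(32)
    session.request_tokens.add(token)
    return token


def verify_request_token(session: Session, submitted: Optional[str]) -> bool:
    """Accept a token exactly once, so a captured token cannot be replayed.
    The trade-off is server state per form and broken back-button reuse."""
    if not submitted:
        return False
    for issued in list(session.request_tokens):
        if hmac.compare_digest(issued, submitted):
            session.request_tokens.discard(issued)  # consume on success
            return True
    return False


# --- 3. Double-submit cookie (stateless) ------------------------------------
def new_double_submit_cookie() -> str:
    """Random value the server sets as a cookie and also embeds in the form."""
    return secrets.token_urlsafe(32)


def verify_double_submit(cookie_value: Optional[str], form_value: Optional[str]) -> bool:
    """No server state: the request is valid only if both copies match.
    An attacker's cross-site form can't read the cookie, so it can't copy it."""
    if not cookie_value or not form_value:
        return False
    return hmac.compare_digest(cookie_value, form_value)


# Assumed server-wide secret; binds the cookie value to the session so a
# planted cookie (e.g. from a sibling subdomain) does not pass verification.
SERVER_KEY = secrets.token_bytes(32)


def signed_double_submit_token(session_id: str, key: bytes = SERVER_KEY) -> str:
    return hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_signed_double_submit(session_id: str, cookie_value: Optional[str],
                                form_value: Optional[str], key: bytes = SERVER_KEY) -> bool:
    """Recompute the expected value instead of trusting whatever cookie arrived."""
    expected = signed_double_submit_token(session_id, key)
    return (verify_double_submit(cookie_value, form_value)
            and hmac.compare_digest(expected, form_value))


if __name__ == "__main__":
    s = Session(sid="session-1")
    print("session token ok:", verify_session_token(s, issue_session_token(s)))
    t = issue_request_token(s)
    print("request token ok:", verify_request_token(s, t), "replay:", verify_request_token(s, t))
    c = new_double_submit_cookie()
    print("double submit ok:", verify_double_submit(c, c), "forged:", verify_double_submit(c, "x"))
```

The per-session variant is the cheapest to deploy and what most frameworks ship; the per-request variant closes token leakage at the cost of state and usability; the double-submit cookie needs no state but is only as strong as the attacker's inability to set cookies for the origin, which is why the signed form above ties the value to the session.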
