[Owasp-leaders] CSRF Cheating
jim.manico at owasp.org
Sat Jan 26 02:49:50 UTC 2013
I'd like to see the current CSRF Prevention cheat sheet reviewed and revamped. I think it needs a bit more brevity and some technical cleanup.
Does anyone here with expertise in CSRF defense care to take this on?
I think we want to discuss the tradeoff between token synchronizer, token synchronizer per request, and double-submit cookie. We should also discuss re-authentication here.
Ideally, someone who understands deeply how the different frameworks handle CSRF would be helpful.
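To make the tradeoffs named in the message concrete (per-session synchronizer token, per-request synchronizer token, and double-submit cookie), here is an added illustration in Python. It is not part of the original post, the cheat sheet, or any OWASP project code. It assumes a server-side session dict and a form/cookie pair as plain strings; the HMAC binding of the double-submit cookie to a session id is a hardening beyond the naive "compare cookie to form field" scheme and is shown as an option. Function names are hypothetical.

```python
import hmac
import secrets

TOKEN_BYTES = 32  # 256 bits of entropy per token


def _eq(a: str, b: str) -> bool:
    """Constant-time string comparison (encode so non-ASCII input cannot raise)."""
    return hmac.compare_digest(a.encode(), b.encode())


# --- Synchronizer token: the server keeps the expected value in session state ---

def issue_synchronizer_token(session: dict, per_request: bool = False) -> str:
    """Mint a CSRF token and store it in the server-side session.

    per_request=False: one token per session, reused on every form (cheap, but a
    single leak exposes the whole session).
    per_request=True:  a fresh token on every form render; the previous one is
    invalidated, which also breaks the Back button and multi-tab use.
    """
    if per_request or "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(TOKEN_BYTES)
    return session["csrf_token"]


def verify_synchronizer_token(session: dict, submitted: str, per_request: bool = False) -> bool:
    """Compare the submitted form value with the session copy; reject if either is missing."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    ok = _eq(expected, submitted)
    if per_request:
        # One-time use: consume the token so a replayed form fails next time.
        session.pop("csrf_token", None)
    return ok


# --- Double-submit cookie: no server-side state, the value travels in a cookie
# --- AND in the request body, and the two must match. Binding the cookie to the
# --- session id with an HMAC stops an attacker who can plant cookies (e.g. from a
# --- sibling subdomain) from choosing a matching pair themselves.

def issue_double_submit_cookie(secret_key: bytes, session_id: str) -> str:
    nonce = secrets.token_urlsafe(16)  # url-safe alphabet never contains '.'
    mac = hmac.new(secret_key, f"{session_id}.{nonce}".encode(), "sha256").hexdigest()
    return f"{nonce}.{mac}"


def verify_double_submit(secret_key: bytes, session_id: str, cookie_value: str, submitted: str) -> bool:
    """Naive check: cookie == form field. Hardened check: the cookie's MAC must also
    validate under the server secret for the caller's session id."""
    if not cookie_value or not submitted or not _eq(cookie_value, submitted):
        return False
    nonce, _, mac = cookie_value.rpartition(".")
    expected = hmac.new(secret_key, f"{session_id}.{nonce}".encode(), "sha256").hexdigest()
    return _eq(expected, mac)


# --- Re-authentication: for high-value actions, require a recent password check
# --- regardless of token state (defence in depth if a token ever leaks).

def needs_reauthentication(last_auth_ts: float, now_ts: float, max_age_s: float = 300.0) -> bool:
    return (now_ts - last_auth_ts) > max_age_s


if __name__ == "__main__":
    # Constructed walk-through: a legitimate submit passes, a forged one fails.
    session = {}
    token = issue_synchronizer_token(session)
    print("legit synchronizer submit:", verify_synchronizer_token(session, token))
    print("forged submit (no token):", verify_synchronizer_token(session, ""))

    key = b"server-secret-key-placeholder"
    cookie = issue_double_submit_cookie(key, "sid-123")
    print("legit double-submit:", verify_double_submit(key, "sid-123", cookie, cookie))
    print("attacker-planted pair:", verify_double_submit(key, "sid-123", "abc.def", "abc.def"))
```

A forged cross-site request carries the victim's cookies automatically but cannot read the token out of the page or set a correctly signed cookie, so both checks reject it while the legitimate submission passes; the per-request variant additionally rejects a replay of an already-used form.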