[Owasp-leaders] CSRF Cheating

Abbas Naderi abbas.naderi at owasp.org
Sat Jan 26 04:43:50 UTC 2013


Hello,
I'm on to this but I think some code samples are required first. If you give me a month I think something good will happen.
-Abbas
On 7 Bahman 1391, at 6:19, Jim Manico <jim.manico at owasp.org> wrote:

> Hello folks,
> 
> I'd like to see the current CSRF Prevention cheat sheet reviewed and revamped. I think it needs a bit more brevity and some technical cleanup.
> 
> Does anyone here with expertise in CSRF defense care to take this on?
> 
> I think we want to discuss the tradeoff between token synchronizer, token synchronizer per request, and double-submit cookie. We should also discuss re-authentication here.
> 
> Ideally, someone who understands deeply how the different frameworks handle CSRF would be helpful.
> 
> Any takers?
> 
> https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
> 
> Aloha,
> Jim Manico
> @Manicode
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
