[Owasp-leaders] CSRFGuard Project version 4.0

Azzeddine Ramrami azzeddine.ramrami at owasp.org
Sat Dec 12 16:14:02 UTC 2015


Hi Leaders,

I will relase by the end of this year a new version of CSRFGuard Project
version 4.0 wich include but not limited to the following:

- True Random Generation for CSRFGuard token
- Ensure the integrity of the token to protect CSRFGuard againts XSS,
Session Hijacking and Session Fixation bypass
- Fine-grained configuration
- Support of single URI application
- and more.

I need to add also the following feature as I have some algorithm and
implementation:

- Dynamic Analysis of Java Code by using Code Instrumentation and to detect
any XSS, SQL Injection bypassed the CSRFGuard and fix in real-time the
request (sanitize the request) with a minimum overhead.

What is the best Dynamic Analysis tools (Opensource)?
What is the best algorithm for code instrumentation?

Thanks.

-- 
Azzeddine RAMRAMI
+33 6 65 48 90 04.
OWASP Leader (Morocco Chapter)
OWASP CSRFGuard Project Leader
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20151212/89d2b338/attachment.html>


More information about the OWASP-Leaders mailing list