[OWASP_PHPSEC] Cross Site Request Forgery

Minhaz A V minhazav at gmail.com
Sat Feb 22 19:53:25 UTC 2014


Hi all,
I'm of impression that PHPSEC covers / mitigates most of the
vulnerabilities that exist in OWASP Top 10 list except CSRF. Also this is
something that OWASP aims to cover in this year's GSOC.
With* OWASP CSRF guard* OWASP is aiming to implement a server-side proxy
which can directly help mitigating CSRF without developer's intervention.

But as a set of security library, I think CSRF prevention method should be
implemented in phpsec as well! We could use traditional token based method
here!
Correct me if it has already been implemented :O


Minhaz
cistoner.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp_php_security_project/attachments/20140223/19989fd6/attachment.html>


More information about the OWASP_PHP_Security_Project mailing list