CSRF protector – Concept, Design and Future | Minhaz’s Blog #14

utterances-bot opened this issue Jan 3, 2021 · 1 comment
Comments

@utterances-bot
CSRF protector – Concept, Design and Future | Minhaz’s Blog

CSRF has been on OWASP Top 10 for a long time, and several methods have been implemented to mitigate it. Most of the web frameworks have inbuilt methods, which can be used to make a website safe against CSRF. However, a lot of web applications are still vulnerable to CSRF and it's partially because developers tend to forget to implement it with every FORM or AJAX request. And that is because the approach used for CSRF Mitigation in most of the frameworks is not centralised, we have to attach a token with every FORM we want to protect. OWASP CSRF Protector on the other hand used a centralised approach, it employs javascript on client side to ensure tokens are sent with every request sent from client, so that is correctly valid

https://blog.minhazav.dev/CSRF-Protector-concept-design-and-future/

apishdad commented Jan 3, 2021

Hi Minhaz, does the module that you have listed for Apache work on Apache 2.4?
