
Difference between revisions of "CSRFProtector Project"

(Quick Links)
Line 67: Line 67:
  
 
== Quick Links ==
 
== Quick Links ==
[http://cistoner.org/minhaz/wp-content/uploads/2014/11/owasp.key CSRFProtector.key]<br>
 
 
[http://cistoner.org/minhaz/wp-content/uploads/2014/11/owasp.pptx CSRFProtector.pptx]
 
[http://cistoner.org/minhaz/wp-content/uploads/2014/11/owasp.pptx CSRFProtector.pptx]
 +
 
== News and Events ==
 
== News and Events ==
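Review bot: the CSRFProtector.pptx entry that stays under Quick Links still points at a plain http:// URL on cistoner.org, so the slide deck for a security project is downloaded without transport integrity from a host outside the wiki. Consider switching the link to https:// or attaching the file to the wiki itself. The edit summary "(Quick Links)" also gives no reason for dropping the CSRFProtector.key link; a short note on why it was removed would help later editors.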
  

Revision as of 18:37, 13 December 2014

OWASP CSRF Protector Project

The OWASP CSRF Protector Project is an effort by a group of developers to secure web applications against Cross-Site Request Forgery (CSRF). It provides a PHP library and an Apache module (each used differently) for easy mitigation.

GitHub Repo - php library
GitHub Repo - Apache module


What is CSRF Protector?

CSRF Protector Project has two parts:

  • Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.
  • php library: A standalone PHP library which can be integrated with any existing web application or used while creating a new PHP project. All a developer needs to do is include the library and call the initiating function.

    Why CSRF Protector?

    CSRF Protector is suitable for three groups of developers:

    • Framework Developers can use the libraries and tools to strengthen their framework security
    • PHP Application Developers can use the library and tools to enhance their application security
    • New PHP Developers can use the tools and libraries to create secure applications from scratch

    Project leader

    Abbas Naderi

    How to use

    See GitHub wiki - How to use
    GitHub wiki

    Major Contributors

    Features Offered

    CSRF Protector provides protection for:

    • Normal HTML forms (POST/GET)
    • Normal GET requests (not enabled by default)
    • Ajax Requests (XHR)
    • Dynamically generated forms

    Damages Mitigated

    • Cross Site Request Forgery

    Get Involved

    To contribute to the code, fork and send a pull request to:
    GitHub Repo - php library
    GitHub Repo - Apache module

    For discussions, join our mailing list: Mailing List


    Salient Features

    • Easy to integrate
    • Support for AJAX & GET requests
    • Per-request token used
    • Cross Domain Support (Next version)

    Quick Download

    CSRF Protector PHP library

    Quick Links

    CSRFProtector.pptx

    News and Events

    Classifications
