This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "CSRFProtector Project"

From OWASP

Jump to: navigation, search

Latest revision as of 22:12, 15 March 2018

OWASP CSRF Protector Project

OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.

GitHub Repo - php library
GitHub Repo - Apache module

What is CSRF Protector?

CSRF Protector Project has two parts:

Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.

php library: A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. View More

Its based on the research paper A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications - ACSAC 2011

Why CSRF Protector?

CSRF Protector is suitable for three group of developers:

Framework Developers can use the libraries and tools to strengthen their framework security
PHP Application Developers can use the library and tools to enhance their application security
New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader

Minhaz

How to use

See github wiki - How to use
Gihub wiki

Major Contributors

Features Offered

CSRF Protection provide protection for:

Normal HTML forms (POST/GET)
Normal Get requests (Not enabled by default)
Ajax Requests (XHR)
Dynamically generated forms

Damages Mitigated

Cross Site Request Forgery

Get Involved

To contribute to the code fork and send a pull to:
GitHub Repo - php library
GitHub Repo - Apache module
Todofy - php library
Todofy - Apache module

For discussions, join our mailing list: - Mailing List

Salient Features

Easy to integrate
Support for AJAX & GET requests
Per request token used
Cross Domain Support (Next version)

Quick Download

CSRFProtector PHP

Quick Links

- SlideShare Deck

News and Events

Classifications

Retrieved from "https://wiki.owasp.org/index.php?title=CSRFProtector_Project&oldid=238652"

Categories:

@@ Line 2: / Line 2: @@
 {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
-| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
+| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
 ==OWASP CSRF Protector Project==
@@ Line 15: / Line 15: @@
 <li><b>Apache 2.x.x Module: </b>An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.
 </li>
-<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function.
+<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. [https://github.com/mebjas/CSRF-Protector-PHP/wiki View More]
 </li>
+<br>
+Its based on the research paper [http://www3.cs.stonybrook.edu/~rpelizzi/jcsrf.pdf A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications - ACSAC 2011]
 ==Why CSRF Protector?==
 CSRF Protector is suitable for three group of developers:
@@ Line 26: / Line 29: @@
 ==Project leader==
-[https://www.owasp.org/index.php/User:Abbas_Naderi Abbas Naderi]
+*[[User:A_V_Minhaz|Minhaz]]
+| valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
-| valign="top"  style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |
 ==How to use==
-[https://github.com/mebjas/CSRF-Protector-PHP/wiki/How-to-use  See github wiki - How to use]<br>
+[https://github.com/mebjas/CSRF-Protector-PHP/wiki/How-to-use See github wiki - How to use]<br>
 [https://github.com/mebjas/CSRF-Protector-PHP/wiki/ Gihub wiki]
 ==Major Contributors==
 *[[User:A_V_Minhaz|Minhaz]]
 *[[User:Kevin_W._Wall|Kevin W Wall]]
+*[[User:Abbas Naderi|Abbas Naderi]]
 *[[User:Jmanico|Jim Manico]]
 *Abhinav Dahiya
@@ Line 50: / Line 55: @@
 To contribute to the code fork and send a pull to:<br>
 [https://github.com/mebjas/CSRF-Protector-PHP GitHub Repo - php library]<br>
-[https://github.com/mebjas/mod_csrfprotector GitHub Repo - Apache module]
+[https://github.com/mebjas/mod_csrfprotector GitHub Repo - Apache module]<br>
+[https://todofy.org/r/mebjas/CSRF-Protector-PHP Todofy - php library]<br>
+[https://todofy.org/r/mebjas/mod_csrfprotector Todofy - Apache module]
 For discussions, join our mailing list: [https://lists.owasp.org/mailman/listinfo/owasp-csrfprotector - Mailing List]
+| valign="top" style="padding-left:25px;width:200px;" |
+== Salient Features ==
-| valign="top"  style="padding-left:25px;width:200px;" |
+* Easy to integrate
+* Support for AJAX & GET requests
+* Per request token used
+* Cross Domain Support (Next version)
 == Quick Download ==
+[https://github.com/mebjas/CSRF-Protector-PHP/releases CSRFProtector PHP]
+== Quick Links ==
-== Website ==
+- [http://www.slideshare.net/MinhazAv/csrf-protector SlideShare Deck]
 == News and Events ==
@@ Line 68: / Line 80: @@
     {| width="200" cellpadding="2"
     |-
-    | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]]
+    | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-incubator-trans-85.png|link=:Category:OWASP_Project#tab=Terminology]]
-    | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]]
+    | align="center" valign="top" width="50%" | [[File:Owasp-builders-small.png|link=Builders]]
     |-
-    | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]
+    | align="center" valign="top" width="50%" | [[File:Owasp-defenders-small.png|link=Defenders]]
     |-
-    | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+    | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
     |}
 |}
 = Apache Module =
@@ Line 84: / Line 95: @@
 {{:CSRF_Protector_php_library}}
-__NOTOC__ <headertabs />
+__NOTOC__ <headertabs></headertabs>
-[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:OWASP_Download]]
+[[Category:OWASP Project]]
+[[Category:OWASP_Builders]]
+[[Category:OWASP_Defenders]]
+[[Category:OWASP_Document]]
+[[Category:OWASP_Download]]