Difference between revisions of "CSRFGuard 3 User Manual"
(→Download) |
(→Token Injection) |
||
Line 32: | Line 32: | ||
= Token Injection = | = Token Injection = | ||
− | JavaScript DOM Manipulation requires minimal effort on behalf of the developer and is ideal for most web based applications. The JSP tag library should be utilized in situations where the JavaScript DOM Manipulation token injection strategy is found to be technically insufficient. Together, the JavaScript DOM Manipulation and the JSP tag library provide strong and fine grain means of integrating CSRF prevention tokens within application presentation logic. | + | OWASP CSRFGuard offers two general strategies to inject prevention tokens into HTML: JavaScript DOM Manipulation and the JSP Tag Library. JavaScript DOM Manipulation requires minimal effort on behalf of the developer and is ideal for most web based applications. The JSP tag library should be utilized in situations where the JavaScript DOM Manipulation token injection strategy is found to be technically insufficient. Together, the JavaScript DOM Manipulation and the JSP tag library provide strong and fine grain means of integrating CSRF prevention tokens within application presentation logic. |
[[CSRFGuard_3_Token_Injection | Click here]] for more information regarding the injection of CSRF prevention tokens within your application. | [[CSRFGuard_3_Token_Injection | Click here]] for more information regarding the injection of CSRF prevention tokens within your application. | ||
[[Category:OWASP_CSRFGuard_Project]] | [[Category:OWASP_CSRFGuard_Project]] |
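Review bot: the new opening sentence on the + line writes "JSP Tag Library", while the unchanged sentences after it in the same paragraph write "JSP tag library"; pick one capitalization so the name reads consistently. The paragraph also never says in what situations JavaScript DOM Manipulation is "technically insufficient", so a reader cannot tell from this section which strategy to choose; a short qualifying clause at that sentence, or an explicit pointer to the CSRFGuard_3_Token_Injection page there, would close the gap.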
Revision as of 22:52, 13 December 2010
Overview
Welcome to the OWASP CSRFGuard 3 User Manual! The purpose of this article is to provide the user with guidance on obtaining, installing, deploying, and developing with the OWASP CSRFGuard library. The author's goal was to keep the User Manual informative, easy to understand, and concise. If you find that one or more aspects of this document do not adhere to these goals, please let me know at eric dot sheridan at owasp dot org.
Download
Users can download the latest release of OWASP CSRFGuard using one of the following links:
- OWASP CSRFGuard 3.0.0.245 (ALPHA) - download the latest development release with binary and associated configuration files (recommended).
Installation
Installation of OWASP CSRFGuard 3 is straightforward, requiring three simple steps:
- Copy the Owasp.CsrfGuard.jar file to your application's classpath
- Map the CsrfGuardFilter in your application's deployment descriptor (web.xml)
- Configure the Owasp.CsrfGuard.properties file as you see fit
Click here for more detailed information regarding the installation of OWASP CSRFGuard.
Configuration
The minimum configuration settings that users should review include:
- Default new token landing page (org.owasp.csrfguard.NewTokenLandingPage)
- Support for Ajax and XMLHttpRequest (org.owasp.csrfguard.Ajax)
- URI resources that should not be protected (org.owasp.csrfguard.unprotected.*)
- Actions executed when an attack is detected (org.owasp.csrfguard.action.*)
Click here for more information regarding the configuration of OWASP CSRFGuard.
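A deployment review can check a properties file against the four settings listed above. The following is an added example, not code from the CSRFGuard project: the sample file contents are constructed, and treating a "*" in an unprotected entry as a wildcard exemption is an assumption about the value syntax.

```python
import re

# Settings the manual lists for review; a trailing "." marks a key prefix.
REVIEW_KEYS = (
    "org.owasp.csrfguard.NewTokenLandingPage",
    "org.owasp.csrfguard.Ajax",
    "org.owasp.csrfguard.unprotected.",
    "org.owasp.csrfguard.action.",
)
UNPROTECTED = "org.owasp.csrfguard.unprotected."

# Constructed sample input, not a file shipped with CSRFGuard.
SAMPLE = """\
# constructed example
org.owasp.csrfguard.NewTokenLandingPage = /index.jsp
org.owasp.csrfguard.unprotected.Static=/static/*
org.owasp.csrfguard.unprotected.Health: /health
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
"""

def parse_properties(text):
    """Parse single-line key=value or key:value pairs (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def review(props):
    """Return (issue, key) findings for the settings the manual says to review."""
    findings = []
    for name in REVIEW_KEYS:
        if name.endswith("."):
            present = any(k.startswith(name) for k in props)
        else:
            present = name in props
        if not present:
            findings.append(("missing", name))
    for key, value in sorted(props.items()):
        # Assumption: a "*" in an unprotected entry is a wildcard exemption.
        if key.startswith(UNPROTECTED) and "*" in value:
            findings.append(("wildcard-exemption", key))
    return findings

if __name__ == "__main__":
    for issue, key in review(parse_properties(SAMPLE)):
        print(f"{issue}: {key}")
```

Each "wildcard-exemption" finding marks a URI pattern that skips token validation for more than one resource and should be confirmed as intentional.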
Token Injection
OWASP CSRFGuard offers two general strategies to inject prevention tokens into HTML: JavaScript DOM Manipulation and the JSP Tag Library. JavaScript DOM Manipulation requires minimal effort on behalf of the developer and is ideal for most web-based applications. The JSP tag library should be utilized in situations where the JavaScript DOM Manipulation token injection strategy is found to be technically insufficient. Together, the JavaScript DOM Manipulation and the JSP tag library provide strong and fine-grained means of integrating CSRF prevention tokens within application presentation logic.
Click here for more information regarding the injection of CSRF prevention tokens within your application.