This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "CSRFProtector Project"

From OWASP
Jump to: navigation, search
Line 15: Line 15:
 
<li><b>Apache 2.x.x Module: </b>An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.  
 
<li><b>Apache 2.x.x Module: </b>An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.  
 
</li>
 
</li>
<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function.
+
<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. [https://github.com/mebjas/CSRF-Protector-PHP/wiki View More]
 
</li>
 
</li>
 
==Why CSRF Protector?==
 
==Why CSRF Protector?==

Revision as of 19:23, 25 July 2014

OWASP CSRF Protector Project

OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.

GitHub Repo - php library
GitHub Repo - Apache module


What is CSRF Protector?

CSRF Protector Project has two parts:

  • Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.
  • php library: A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. View More

    • Why CSRF Protector?

    CSRF Protector is suitable for three group of developers:

    • Framework Developers can use the libraries and tools to strengthen their framework security
    • PHP Application Developers can use the library and tools to enhance their application security
    • New PHP Developers can use the tools and libraries to create secure applications from scratch

    Project leader

    Abbas Naderi

    How to use

    See github wiki - How to use
    Gihub wiki

    Major Contributors

    Features Offered

    CSRF Protection provide protection for:

    • Normal HTML forms (POST/GET)
    • Normal Get requests (Not enabled by default)
    • Ajax Requests (XHR)
    • Dynamically generated forms

    Damages Mitigated

    • Cross Site Request Forgery

    Get Involved

    To contribute to the code fork and send a pull to:
    GitHub Repo - php library
    GitHub Repo - Apache module

    For discussions, join our mailing list: - Mailing List


    Salient Features

    • Easy to integrate
    • Support for AJAX & GET requests
    • Per request token used
    • Cross Domain Support (Next version)

    Quick Download

    CSRF Protector PHP library

    Website

    News and Events

    Classifications

    Owasp-incubator-trans-85.png Owasp-builders-small.png
    Owasp-defenders-small.png
    Cc-button-y-sa-small.png


    Retrieved from "https://wiki.owasp.org/index.php?title=CSRFProtector_Project&oldid=179308"