This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "CSRFProtector Project"

From OWASP
Jump to: navigation, search
(Quick Links)
(reference added)
Line 17: Line 17:
 
<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. [https://github.com/mebjas/CSRF-Protector-PHP/wiki View More]
 
<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. [https://github.com/mebjas/CSRF-Protector-PHP/wiki View More]
 
</li>
 
</li>
 +
<br>
 +
Its based on the research paper [http://www3.cs.stonybrook.edu/~rpelizzi/jcsrf.pdf A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications - ACSAC 2011]
 +
 
==Why CSRF Protector?==
 
==Why CSRF Protector?==
 
CSRF Protector is suitable for three group of developers:
 
CSRF Protector is suitable for three group of developers:

Revision as of 16:52, 21 April 2015

OWASP CSRF Protector Project

OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.

GitHub Repo - php library
GitHub Repo - Apache module


What is CSRF Protector?

CSRF Protector Project has two parts:

  • Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.
  • php library: A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. View More


    • Its based on the research paper A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications - ACSAC 2011

    Why CSRF Protector?

    CSRF Protector is suitable for three group of developers:

    • Framework Developers can use the libraries and tools to strengthen their framework security
    • PHP Application Developers can use the library and tools to enhance their application security
    • New PHP Developers can use the tools and libraries to create secure applications from scratch

    Project leader

    Abbas Naderi

    How to use

    See github wiki - How to use
    Gihub wiki

    Major Contributors

    Features Offered

    CSRF Protection provide protection for:

    • Normal HTML forms (POST/GET)
    • Normal Get requests (Not enabled by default)
    • Ajax Requests (XHR)
    • Dynamically generated forms

    Damages Mitigated

    • Cross Site Request Forgery

    Get Involved

    To contribute to the code fork and send a pull to:
    GitHub Repo - php library
    GitHub Repo - Apache module

    For discussions, join our mailing list: - Mailing List


    Salient Features

    • Easy to integrate
    • Support for AJAX & GET requests
    • Per request token used
    • Cross Domain Support (Next version)

    Quick Download

    CSRF Protector PHP library

    Quick Links

    CSRFProtector.pptx

    News and Events

    Classifications

    Owasp-incubator-trans-85.png Owasp-builders-small.png
    Owasp-defenders-small.png
    Cc-button-y-sa-small.png


    Retrieved from "https://wiki.owasp.org/index.php?title=CSRFProtector_Project&oldid=193775"