This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

From OWASP
Revision as of 22:42, 24 August 2012 by Michael Brooks (talk | contribs)

Jump to: navigation, search

Don't post theoretical attacks, or "here say" on any OWASP page.

Look people. A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049). If you think it be exploited, PROVE IT. Stop spreading clearly false information on OWASP.

Write an exploit and show me that it works. Then you can change the owasp wiki.