
Difference between revisions of "CSRFGuard 3 User Manual"

(Deployment)
(Configuration)
Line 22: Line 22:
 
= Configuration =
 
= Configuration =
  
The most important aspect of deploying OWASP CSRFGuard is configuration of the Owasp.CsrfGuard.properties file. There are a minimum number of configuration settings that users should review and specify before running an instance of OWASP CSRFGuard. Such configurations include specifying the new token landing page, enabling Ajax support for applications making use of XMLHttpRequest, capturing pages that should not be protected, as well as configuring one or more actions that should be invoked when a CSRF attack is identified.
+
The minimum configuration settings that users should review include:
 +
 
 +
:* Default new token landing page (org.owasp.csrfguard.NewTokenLandingPage)
 +
:* Support for Ajax and XMLHttpRequest (org.owasp.csrfguard.Ajax)
 +
:* URI resources that should not be protected (org.owasp.csrfguard.unprotected.*)
 +
:* Actions executed when an attack is detected (org.owasp.csrfguard.action.*)
  
 
[[CSRFGuard_3_Deployment | Click here]] for more information regarding the configuration of OWASP CSRFGuard.
 
[[CSRFGuard_3_Deployment | Click here]] for more information regarding the configuration of OWASP CSRFGuard.
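
Review bot: the added intro line and bullets name the property keys but no longer say which file they belong to, whereas the paragraph they replace stated that configuration is done in the Owasp.CsrfGuard.properties file. Suggest keeping the file name in the intro sentence, for example "The minimum configuration settings that users should review in Owasp.CsrfGuard.properties include:". The replaced paragraph also said these settings should be reviewed before running an instance of CSRFGuard; that timing is worth keeping in one short sentence above the list.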

Revision as of 19:28, 16 November 2010

Overview

Welcome to the OWASP CSRFGuard 3 User Manual! The purpose of this article is to provide the user with guidance on obtaining, installing, deploying, and developing with the OWASP CSRFGuard library. The author's goal was to keep the User Manual informative, easy to understand, and concise. If you find that one or more aspects of this document do not adhere to these goals, please let me know at eric dot sheridan at owasp dot org.

Download

Users can download the latest release of OWASP CSRFGuard using one of the following links:

Latest Stable Binary - download the latest stable binary and associated configuration files (recommended).
Latest Stable Source - download the latest stable archive of the project source code.

Installation

Installation of OWASP CSRFGuard 3 is straightforward and requires three simple steps:

  1. Copy the Owasp.CsrfGuard.jar file to your application's classpath
  2. Map the CsrfGuardFilter in your application's deployment descriptor (web.xml)
  3. Configure the Owasp.CsrfGuard.properties file as you see fit

Click here for more detailed information regarding the installation of OWASP CSRFGuard.

Configuration

The minimum configuration settings that users should review include:

  • Default new token landing page (org.owasp.csrfguard.NewTokenLandingPage)
  • Support for Ajax and XMLHttpRequest (org.owasp.csrfguard.Ajax)
  • URI resources that should not be protected (org.owasp.csrfguard.unprotected.*)
  • Actions executed when an attack is detected (org.owasp.csrfguard.action.*)

Click here for more information regarding the configuration of OWASP CSRFGuard.
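
One way to check an Owasp.CsrfGuard.properties file against the four settings listed above, as an added example that is not part of the manual or the CSRFGuard project. The sample file content, the `parse_properties` and `review` helpers, and the treatment of `*` in an unprotected entry as a wildcard are assumptions.

```python
# Added example: review a CSRFGuard properties file against the manual's
# minimum-settings list. Sample content and value formats are constructed.
PREFIX = "org.owasp.csrfguard."

SAMPLE = """\
# constructed sample, not a shipped configuration
org.owasp.csrfguard.NewTokenLandingPage=/app/index.html
org.owasp.csrfguard.unprotected.Static=/app/static/*
org.owasp.csrfguard.unprotected.All=/*
org.owasp.csrfguard.action.Log=org.owasp.csrfguard.action.Log
"""

def parse_properties(text):
    """Parse simple key=value / key:value lines; skip blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def review(props):
    """Return findings for the four settings the manual says to review."""
    findings = []
    for key in ("NewTokenLandingPage", "Ajax"):
        if not props.get(PREFIX + key):
            findings.append(f"{PREFIX}{key} is not set; decide it explicitly")
    unprotected = {k: v for k, v in props.items()
                   if k.startswith(PREFIX + "unprotected.")}
    for key, uri in sorted(unprotected.items()):
        # Assumption: "*" acts as a wildcard, so a root-level pattern
        # would exempt the whole application from token checks.
        if uri in ("/*", "*"):
            findings.append(f"{key}={uri} exempts every URI from protection")
        elif "*" in uri:
            findings.append(f"{key}={uri} is a wildcard; confirm nothing state-changing matches")
    if not any(k.startswith(PREFIX + "action.") for k in props):
        findings.append(f"no {PREFIX}action.* entry; no action is configured for detected attacks")
    return findings

if __name__ == "__main__":
    for finding in review(parse_properties(SAMPLE)):
        print("REVIEW:", finding)
```

Running it on the constructed sample reports the missing Ajax setting and both wildcard exemptions; the unprotected entries deserve the closest look, since every URI listed there is served without a token check.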

Token Injection

JSP Tag Library

Dynamic JavaScript

FAQ