This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "CSRFProtector Project"

From OWASP
m (Contributors modified)
Line 5: Line 5:
  
 
==OWASP CSRF Protector Project==
 
==OWASP CSRF Protector Project==
 +
OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.
  
 
+
[https://github.com/mebjas/CSRF-Protector-PHP GitHub Repo - php library]<br>
[https://github.com/mebjas/CSRF-Protector-PHP GitHub Repo - php library]
 
 
[https://github.com/mebjas/mod_csrfprotector GitHub Repo - Apache module]
 
[https://github.com/mebjas/mod_csrfprotector GitHub Repo - Apache module]
  
  
 
==What is CSRF Protector?==
 
==What is CSRF Protector?==
 
+
CSRF Protector Project has two parts:
 +
<li><b>Apache 2.x.x Module: </b>An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.
 +
</li>
 +
<li><b>php library: </b> A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function.
 +
</li>
 
==Why CSRF Protector?==
 
==Why CSRF Protector?==
 
CSRF Protector is suitable for three group of developers:
 
CSRF Protector is suitable for three group of developers:
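Review bot: the two <li> items added under "What is CSRF Protector?" have no enclosing <ul> ... </ul>, so the list is never closed and the "Why CSRF Protector?" section that follows can end up rendered inside it. Wrap the items in <ul>, or use wiki "*" bullets as the "Features Offered" list does. In the second item, "All developer need to do" should read "All a developer needs to do".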
Line 33: Line 37:
  
 
==Features Offered==
 
==Features Offered==
 
+
CSRF Protection provide protection for:
 +
* Normal HTML forms (POST/GET)
 +
* Normal Get requests (Not enabled by default)
 +
* Ajax Requests (XHR)
 +
* Dynamically generated forms
 
==Damages Mitigated==
 
==Damages Mitigated==
 
* Cross Site Request Forgery
 
* Cross Site Request Forgery
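Review bot: in the added "Features Offered" list, "Normal HTML forms (POST/GET)" and "Normal Get requests (Not enabled by default)" overlap, so it is unclear whether a form submitted with GET is protected by default. State which GET cases the default configuration covers and which need to be enabled. The intro line "CSRF Protection provide protection for:" also needs a grammar fix ("provides").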

Revision as of 11:43, 24 June 2014

OWASP CSRF Protector Project

OWASP CSRF Protector Project is an effort by a group of developers to secure web applications against Cross Site Request Forgery, providing a PHP library and an Apache module (to be used differently) for easy mitigation.

GitHub Repo - php library: https://github.com/mebjas/CSRF-Protector-PHP
GitHub Repo - Apache module: https://github.com/mebjas/mod_csrfprotector


What is CSRF Protector?

CSRF Protector Project has two parts:

  • Apache 2.x.x Module: An Apache module which can be easily installed and configured in an Apache server to protect it from CSRF vulnerabilities.
  • PHP library: A standalone PHP library which can be integrated with any existing web application or used while creating a new PHP project. All a developer needs to do is include the library and call the initiating function.

Why CSRF Protector?

CSRF Protector is suitable for three groups of developers:

  • Framework Developers can use the libraries and tools to strengthen their framework security
  • PHP Application Developers can use the library and tools to enhance their application security
  • New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader

Abbas Naderi

Major Contributors

Features Offered

CSRF Protection provides protection for:

  • Normal HTML forms (POST/GET)
  • Normal GET requests (not enabled by default)
  • Ajax requests (XHR)
  • Dynamically generated forms

Damages Mitigated

  • Cross Site Request Forgery

Quick Download

Website

News and Events

Classifications
