Category:OWASP CSRFGuard Project
- Presentation & Manual
- Project Leader
- Source Code Download
- News and Events
- Road Map and Getting Involved
- Contact US
Welcome to the home of the OWASP CSRFGuard Project! OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.
The OWASP CSRFGuard library is integrated through the use of a JavaEE Filter and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML.
What is CSRFGuard?
OWASP CSRFGuard provides:
This project can be purchased as a print on demand book from Lulu.com
OWASP CSRFGuard 3.1 is offered under the BSD license
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
Link to presentation
The CSRFGuard project is run by Azzeddine RAMRAMI.
The project co-leader is Sébastien Gioria.
With the active participation of:
Ahamed Nafeez Trent Schmidt
- OWASP CSRFTester - utility to assist in the testing and generating PoC for CSRF attacks.
- OWASP CSRF Prevention Cheat Sheet - provides a more holistic overview of CSRF prevention strategies and associated frameworks.
- http://www.owasp.org/index.php/PHP_CSRF_Guard - project implementing CSRFGuard style solution for PHP.
- http://www.owasp.org/index.php/.Net_CSRF_Guard - project implementing CSRFGuard style solution for ASP.NET.
- https://www.owasp.org/index.php/CSRFProtector_Project - CSRF Protector Project - Implements new Anti CSRF method in web applications
Download and build the latest source code from GitHub :
Download and build the latest source code from GitHub - https://github.com/aramrami/OWASP-CSRFGuard-3
Deprecated Releases - article containing several download references to deprecated and officially unsupported releases
CSRFGuard Binary in Maven Central
You can download a binary version from Maven Central here:
Thanks to Trent Schmidt and Joel Orlina (JIRA) for there help.
OWASP CSRFGuard v3 - series of articles describing the installation, configuration, and deployment of OWASP CSRFGuard v3.
- [08 Fev 2014] A security fix has been published. See details on GitHub
- [10 Feb 2014] Release 3.1 of CSRFGuard project is now available for download
- [28 Jul 2014] A new Github repository called "OWASP CSRFGuard-3" with issues management has been created
Here a complete CSRF attacks FAQ:
CSRFGuard is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Ahamed Nafeez, Security Engineer.
- Christa Erwin, Security, Programmer/Analyst.
- Eric Sheridan was the original designer of CSRFGuard until 3.0 version.
As of CSRFGuard the priorities are:
- Support for Internet Explorer
- Addressing outstanding issues listed in GitHub
- Support for Multi-part requests
- Add support for the 'Origin' header
Involvement in the development and promotion of CSRFGurd is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Make fix to the actual version
- Propose a security enhcement
- Write a complete Architecture Folder for CSRFGurd
- Add an IA engine to detect unknown attacks.
You can sign up for the OWASP CSRFGuard email list at https://lists.owasp.org/mailman/listinfo/owasp-csrfguard