This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet"

From OWASP
Line 1: Line 1:
 
== Don't post theoretical attacks,  or "here say" on any OWASP page. ==
 
== Don't post theoretical attacks,  or "here say" on any OWASP page. ==
  
Look people. A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049).  If you think it be exploitedPROVE IT.  Stop spreading clearly false information on OWASP.  
+
If you edit this page, please provide a rational.  If you make a mindless edit without rationalizationit maybe reverted.
  
Write an exploit and show me that it worksThen you can change the owasp wiki.
+
A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049)If you think it be exploited,  PROVE IT.  Stop spreading clearly false information on OWASP.
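
Review bot: The added line "If you edit this page, please provide a rational" has wording slips worth fixing before it stays on the page: "rational" should be "rationale" and "it maybe reverted" should be "it may be reverted". The unchanged heading has "here say" for "hearsay", and the retained sentence "If you think it be exploited" is missing "can".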

Revision as of 20:31, 7 August 2013

Don't post theoretical attacks, or "hearsay" on any OWASP page.

If you edit this page, please provide a rationale. If you make a mindless edit without rationalization, it may be reverted.

A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049). If you think it can be exploited, PROVE IT. Stop spreading clearly false information on OWASP.