This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

From OWASP
Revision as of 22:42, 24 August 2012 by Michael Brooks (talk | contribs)

Jump to: navigation, search

Don't post theoretical attacks, or "here say" on any OWASP page.

Look people. A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049). If you think it be exploited, PROVE IT. Stop spreading clearly false information on OWASP.

Write an exploit and show me that it works. Then you can change the owasp wiki.

Retrieved from "https://wiki.owasp.org/index.php?title=Talk:Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet&oldid=134756"