How good is CSRFguard? i am trying to configure my web application which is based on Tomcat server with CSRFGuard to protect it against CSRF attacks.. but not sure how good is this solution?
had anyone experienced CSRFguard?? if positive, please point me to some place where i can get a right configuration of CSRFGuard.
and.. is this this being continuously supported by owasp?
l think implementing an anti-CSRF mechanism in our application is not difficult. You can turn on/off your mechanism at arbitrary points. Moreover, with java platform, if you use some frameworks like struts, you can use its built-in anti CSRF mechanism.
The last commit was 2 months ago and the mailing list appears to be somewhat active, so would say it’s fairly current. I have not used it but would note the project is listed as Alpha as is the case with many OWASP projects.
Viewing 3 reply threads
You must be logged in to reply to this topic.
– EH-Net Live!Thurs Oct 29 @ 1:00 PM US ET. Details Coming Soon!