.

OWASP CSRFGuard

<<

Xorcist

Newbie
Newbie

Posts: 2

Joined: Wed Apr 11, 2012 2:13 am

Post Sun Apr 15, 2012 12:36 am

OWASP CSRFGuard

hey guys..
How good is CSRFguard? i am trying to configure my web application which is based on Tomcat server with CSRFGuard to protect it against CSRF attacks.. but not sure how good is this solution?
had anyone experienced CSRFguard?? if positive, please point me to some place where i can get a right configuration of CSRFGuard.
and.. is this this being continuously supported by owasp?
<<

millwalll

Post Mon Apr 16, 2012 3:08 pm

Re: OWASP CSRFGuard

I have never used it saying that OWASP project are pretty good. I would say asking on the OWASP site would be the best place for an answer.
<<

ambient

User avatar

Newbie
Newbie

Posts: 20

Joined: Tue Feb 17, 2009 1:33 am

Location: Thailand

Post Tue Apr 17, 2012 12:19 pm

Re: OWASP CSRFGuard

l think implementing an anti-CSRF mechanism in our application is not difficult. You can turn on/off your mechanism at arbitrary points. Moreover, with java platform, if you use some frameworks like struts, you can use its built-in anti CSRF mechanism.

For CSRF guard, I have never used  ???
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Tue Apr 17, 2012 12:30 pm

Re: OWASP CSRFGuard

The last commit was 2 months ago and the mailing list appears to be somewhat active, so would say it's fairly current. I have not used it but would note the project is listed as Alpha as is the case with many OWASP projects.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software