Category: OWASP

Support for custom logging in CSRF Protector Library and more

Minhaz

Software Engineer II at Microsoft
I work as a Software Engineer for the Microsoft Azure Production & Infrastructure Engineering team. My day-to-day work revolves largely around distributed systems and machine learning. I am excited to explore areas like Natural Language Processing and Knowledge Bases and see if they can help solve a bunch of problems yet to be commercially solved.
Here are a few updates to CSRF Protector Library. Let’s call it version 1.0.1. Major features: Support for custom logger. With insufficient logging and monitoring in the OWASP Top 10 2017, logging and monitoring is a more serious concern than ever now. So far, CSRF Protector had support for file-based logging only, and it was

Summing up Taiwan Visit for OWASP Taiwan Week 2017

I recently had a chance to visit Taiwan, all thanks to the OWASP Taiwan Chapter for inviting me as a speaker for OWASP Taiwan Week 2017 and being such wonderful hosts. Here’s a quick summary of the event from my point of view. OWASP: OWASP stands for Open Web Application Security Project. Here’s more in

Introducing minor improvements to CSRF Protector PHP

The OWASP CSRFProtector project started with an aim to develop a solution that can mitigate Cross Site Request Forgery in web applications without much developer effort. The most common solution for mitigating CSRF is using a token which cannot be retrieved by the attacker, thus ensuring the authenticity of the incoming request to the server.

logging out and then logging in throws 403 error with CSRF Protector PHP – fix / workaround

Recently an interesting bug came up in CSRF Protector PHP. Read the entire issue thread on GitHub. If you log out of your website and then try to log in again right there, CSRF Protector throws a 403 – Forbidden response. This is by design, because the first thing that you do in your logout script is,

CSRF protector – concept, design and future

CSRF – Cross Site Request Forgery: “Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful cross-site