Category Archives: OWASP

Support for custom logging in CSRF Protector Library and more

Here are a few updates to CSRF Protector Library. Let’s call it version 1.0.1 Major features Support for custom logger So with insufficient logging and monitoring in OWASP Top 10 2017, logging and monitoring is more serious concern than ever, now. So far, CSRF Protector had support for file based… Read more »

Summing up Taiwan Visit for OWASP Taiwan Week 2017

      No Comments on Summing up Taiwan Visit for OWASP Taiwan Week 2017

I recently had a chance to visit Taiwan, all thanks to OWASP Taiwan Chapter for inviting me as a speaker for OWASP Taiwan Week 2017 and being such wonderful hosts. Here’s a quick sum up of the event in my point of view. OWASP OWASP stands for Open Web Application… Read more »

Introducing minor improvements to CSRF Protector PHP

The OWASP CSRFProtector project started with an aim to develop a solution that can mitigate Cross Site Request Forgery in web applications without much developer effort. The most common solution for mitigating CSRF is using a token which cannot be retrieved by the attacker, thus ensuring the authenticity of the… Read more »

logging out and then logging in throws 403 error with CSRF Protector PHP – fix / workaround

Recently an interesting bug came up in CSRF Protector PHP. Read the entire issue thread on Github. If you log out of your website and then try to login again there only, CSRF Protector throws 403 – forbidden response. So this comes by design because first thing that you do… Read more »

CSRF protector – concept, design and future

      No Comments on CSRF protector – concept, design and future

CSRF – Cross Site Request Forgery “Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The… Read more »