Category Archives: PHP

Support for custom logging in CSRF Protector Library and more

Here are a few updates to CSRF Protector Library. Let’s call it version 1.0.1 Major features Support for custom logger So with insufficient logging and monitoring in OWASP Top 10 2017, logging and monitoring is more serious concern than ever, now. So far, CSRF Protector had support for file based… Read more »

Introducing minor improvements to CSRF Protector PHP

The OWASP CSRFProtector project started with an aim to develop a solution that can mitigate Cross Site Request Forgery in web applications without much developer effort. The most common solution for mitigating CSRF is using a token which cannot be retrieved by the attacker, thus ensuring the authenticity of the… Read more »

logging out and then logging in throws 403 error with CSRF Protector PHP – fix / workaround

Recently an interesting bug came up in CSRF Protector PHP. Read the entire issue thread on Github. If you log out of your website and then try to login again there only, CSRF Protector throws 403 – forbidden response. So this comes by design because first thing that you do… Read more »