Category: PHP

Support for custom logging in CSRF Protector Library and more

Minhaz

Minhaz

Software Engineer II at Microsoft
I work as Software Engineer for Microsoft Azure Production & Infrastructure Engineering team. My day to day work revolve much around distributed systems and machine learning. I am excited to explore areas like Natural Language Processing and Knowledge Bases and see if they can help solve bunch of problems yet to be commercially solved.
Minhaz
Here are a few updates to CSRF Protector Library. Let’s call it version 1.0.1 Major features Support for custom logger So with insufficient logging and monitoring in OWASP Top 10 2017, logging and monitoring is more serious concern than ever, now. So far, CSRF Protector had support for file based logging only, and it was

Introducing minor improvements to CSRF Protector PHP

Minhaz

Minhaz

Software Engineer II at Microsoft
I work as Software Engineer for Microsoft Azure Production & Infrastructure Engineering team. My day to day work revolve much around distributed systems and machine learning. I am excited to explore areas like Natural Language Processing and Knowledge Bases and see if they can help solve bunch of problems yet to be commercially solved.
Minhaz
The OWASP CSRFProtector project started with an aim to develop a solution that can mitigate Cross Site Request Forgery in web applications without much developer effort. The most common solution for mitigating CSRF is using a token which cannot be retrieved by the attacker, thus ensuring the authenticity of the incoming request to the server.

logging out and then logging in throws 403 error with CSRF Protector PHP – fix / workaround

Minhaz

Minhaz

Software Engineer II at Microsoft
I work as Software Engineer for Microsoft Azure Production & Infrastructure Engineering team. My day to day work revolve much around distributed systems and machine learning. I am excited to explore areas like Natural Language Processing and Knowledge Bases and see if they can help solve bunch of problems yet to be commercially solved.
Minhaz
Recently an interesting bug came up in CSRF Protector PHP. Read the entire issue thread on Github. If you log out of your website and then try to login again there only, CSRF Protector throws 403 – forbidden response. So this comes by design because first thing that you do in your logout script is,