CSRFProtector Project

= Main =

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP CSRF Protector Project
OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.

GitHub Repo - php library GitHub Repo - Apache module

What is CSRF Protector?
CSRF Protector Project has two parts: Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.  php library:  A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. View More  Its based on the research paper A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications - ACSAC 2011

Why CSRF Protector?
CSRF Protector is suitable for three group of developers:


 * Framework Developers can use the libraries and tools to strengthen their framework security
 * PHP Application Developers can use the library and tools to enhance their application security
 * New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader
Abbas Naderi


 * valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |

How to use
See github wiki - How to use Gihub wiki

Major Contributors

 * Minhaz
 * Kevin W Wall
 * Jim Manico
 * Abhinav Dahiya

Features Offered
CSRF Protection provide protection for:
 * Normal HTML forms (POST/GET)
 * Normal Get requests (Not enabled by default)
 * Ajax Requests (XHR)
 * Dynamically generated forms

Damages Mitigated

 * Cross Site Request Forgery

Get Involved
To contribute to the code fork and send a pull to: GitHub Repo - php library GitHub Repo - Apache module

For discussions, join our mailing list: - Mailing List


 * valign="top" style="padding-left:25px;width:200px;" |

Salient Features

 * Easy to integrate
 * Support for AJAX & GET requests
 * Per request token used
 * Cross Domain Support (Next version)

Quick Download
CSRF Protector PHP library

Quick Links
CSRFProtector.pptx

Classifications

 * }

= Apache Module = = php library =