CSRFProtector Project

= Main =

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP CSRF Protector Project
OWASP CSRF Protector Project is an effort by a group of developers in securing web applications against Cross Site Request Forgery, providing php library and an Apache Module (to be used differently) for easy mitigation.

GitHub Repo - php library GitHub Repo - Apache module

What is CSRF Protector?
CSRF Protector Project has two parts: Apache 2.x.x Module: An Apache Module which can be easily installed and configured in an Apache Server to protect it from CSRF vulnerabilities.  php library:  A standalone php library which can be integrated with any existing web application or used while creating a new php project. All developer need to do is include the library and call the initiating function. View More 

Why CSRF Protector?
CSRF Protector is suitable for three group of developers:


 * Framework Developers can use the libraries and tools to strengthen their framework security
 * PHP Application Developers can use the library and tools to enhance their application security
 * New PHP Developers can use the tools and libraries to create secure applications from scratch

Project leader
Abbas Naderi


 * valign="top" style="padding-left:25px;width:300px;border-right: 1px dotted gray;padding-right:25px;" |

How to use
See github wiki - How to use Gihub wiki

Major Contributors

 * Minhaz
 * Kevin W Wall
 * Jim Manico
 * Abhinav Dahiya

Features Offered
CSRF Protection provide protection for:
 * Normal HTML forms (POST/GET)
 * Normal Get requests (Not enabled by default)
 * Ajax Requests (XHR)
 * Dynamically generated forms

Damages Mitigated

 * Cross Site Request Forgery

Get Involved
To contribute to the code fork and send a pull to: GitHub Repo - php library GitHub Repo - Apache module

For discussions, join our mailing list: - Mailing List


 * valign="top" style="padding-left:25px;width:200px;" |

Salient Features

 * Easy to integrate
 * Support for AJAX & GET requests
 * Per request token used
 * Cross Domain Support (Next version)

Quick Download
CSRF Protector PHP library

Quick Links
CSRFProtector.key CSRFProtector.pptx

Classifications

 * }

= Apache Module = = php library =