Category:OWASP CSRFGuard Project
Welcome to the home of the OWASP CSRFGuard Project! OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks.
The OWASP CSRFGuard library is integrated through the use of a JavaEE Filter and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML.
What is CSRFGuard?
OWASP CSRFGuard provides:
The CSRFGuard project is run by Azzeddine RAMRAMI. He can be contacted at azzeddine.ramrami AT owasp.org. CSRFGuard distributions are currently maintained on GitHub.
Presentation & Manual
Link to presentation
The CSRFGuard project is run by Azzeddine RAMRAMI. He can be contacted at azzeddine.ramrami AT owasp.org.
Download and build the latest source code from GitHub :
Download and build the latest source code from GitHub - https://github.com/aramrami/OWASP-CSRFGuard
Deprecated Releases - article containing several download references to deprecated and officially unsupported releases
OWASP CSRFGuard v3 - series of articles describing the installation, configuration, and deployment of OWASP CSRFGuard v3.
News and Events
This project can be purchased as a print on demand book from Lulu.com
Here a complete CSRF attacks FAQ:
CSRFGuard is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Ahamed Nafeez, Security Engineer.
- Christa Erwin, Security, Programmer/Analyst.
- Eric Sheridan was the original designer of CSRFGuard until 3.0 version.
As of CSRFGuard the priorities are:
- Support for Internet Explorer
- Addressing outstanding issues listed in GitHub
- Support for Multi-part requests
- Add support for the 'Origin' header
Involvement in the development and promotion of CSRFGurd is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Make fix to the actual version
- Propose a security enhcement
- Write a complete Architecture Folder for CSRFGurd
- Add an IA engine to detect unknown attacks.
You can sign up for the OWASP CSRFGuard email list at https://lists.owasp.org/mailman/listinfo/owasp-csrfguard