Difference between revisions of "Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet"

From OWASP
(Created page with 'Checking Referer Header is used to patch the most dangerous CSRF vulnerability ever discovered (which was by me http://www.kb.cert.org/vuls/id/643049 Michael Brooks). This arti…')
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Checking Referer Header is used to patch the most dangerous CSRF vulnerability ever discovered (which was by me http://www.kb.cert.org/vuls/id/643049 Michael Brooks).  This article is incorrect and I am changing it.  If you have a problem then you should contact me, but as it stands I cannot allow this page to spread false information.
+
== Don't post theoretical attacks, or "hearsay" on any OWASP page. ==
 +
 
 +
Look people.  A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049).  If you think it can be exploited, PROVE IT.  Stop spreading clearly false information on OWASP.
 +
 
 +
Write an exploit and show me that it works.  Then you can change the OWASP wiki.

Revision as of 17:42, 24 August 2012

Don't post theoretical attacks, or "hearsay" on any OWASP page.

Look people. A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: http://www.kb.cert.org/vuls/id/643049). If you think it can be exploited, PROVE IT. Stop spreading clearly false information on OWASP.

Write an exploit and show me that it works. Then you can change the OWASP wiki.