Talk:Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

Revision as of 14:31, 7 August 2013 by Michael Brooks (Talk | contribs)

Jump to: navigation, search

Don't post theoretical attacks, or "here say" on any OWASP page.

If you edit this page, please provide a rational. If you make a mindless edit without rationalization, it maybe reverted.

A referer check is a valid form of protection and is currently being used to stop the most dangerous CSRF vulnerability ever discovered (according to the DHS: If you think it be exploited, PROVE IT. Stop spreading clearly false information on OWASP.