Home
minhaz edited this page Jun 30, 2014 · 17 revisions
The OWASP CSRF Protector Project is an effort by a group of developers to secure web applications against Cross-Site Request Forgery (CSRF). It provides a PHP library and an [Apache 2.x.x module (mod_csrfprotector)](https://github.com/mebjas/mod_csrfprotector) (to be used differently) for easy mitigation.
CSRFP-php is a standalone PHP library that can be used to mitigate CSRF in a web application. It works as a server-side interceptor: every request is processed by CSRFP before it is actually processed by the web application logic. This allows each incoming request to be validated for a **`CSRF token`** (our logic is based on a [Pseudo Random Code](https://github.com/mebjas/CSRF-Protector-PHP/wiki/csrfp_token---pseudo-random-code-for-validation)). Upon successful validation, the request is forwarded to the web application. **Otherwise,** actions are taken as per the configuration ([see configurations](https://github.com/mebjas/CSRF-Protector-PHP/wiki/Configurations)).
Similarly, every output generated by the web application is filtered and modified by the library. The main task is to append JavaScript code to the generated output. This is done by output buffering in PHP. Along with this, a `<noscript>` message is appended for browsers that do not support JavaScript.
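A minimal sketch of the interceptor flow described above: the token is validated before the application runs, then the buffered output is rewritten to add the script and `<noscript>` block. It is an added example, not CSRFP's own code; the `demo_*` names, the `/js/demo-csrf.js` path, the 403 response, and delivering the token in a script-readable cookie are assumptions.

```php
<?php
// Added illustration of the interceptor pattern; NOT CSRFP's own code.
// All demo_* names and /js/demo-csrf.js are hypothetical. Requires PHP 7.3+.
declare(strict_types=1);

const DEMO_TOKEN_FIELD = 'demo_csrf_token';

// Create the per-session token once, from a CSPRNG.
function demo_issue_token(): string
{
    if (empty($_SESSION[DEMO_TOKEN_FIELD])) {
        $_SESSION[DEMO_TOKEN_FIELD] = bin2hex(random_bytes(32));
    }
    return $_SESSION[DEMO_TOKEN_FIELD];
}

// Check the submitted token before any application logic runs.
function demo_validate_request(): bool
{
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') !== 'POST') {
        return true; // this sketch only checks state-changing POSTs
    }
    $sent     = $_POST[DEMO_TOKEN_FIELD] ?? '';
    $expected = $_SESSION[DEMO_TOKEN_FIELD] ?? '';
    // hash_equals() compares in constant time; an empty expected token fails.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Output-buffer callback: inject the script and <noscript> notice before </body>.
function demo_rewrite_output(string $html): string
{
    $inject = '<script src="/js/demo-csrf.js"></script>'
            . '<noscript>JavaScript is required for CSRF protection on this site.</noscript>';
    $pos = strripos($html, '</body>');
    // Leave non-HTML responses (JSON, downloads) untouched.
    return $pos === false ? $html : substr_replace($html, $inject, $pos, 0);
}

session_start();
if (!demo_validate_request()) {
    http_response_code(403); // assumed failure action; the real one is configurable
    exit('403 Forbidden: CSRF token missing or invalid');
}
// Assumption: the injected script reads this cookie and adds the token to requests,
// so it must not be HttpOnly.
setcookie(DEMO_TOKEN_FIELD, demo_issue_token(),
    ['path' => '/', 'secure' => true, 'samesite' => 'Strict']);
ob_start('demo_rewrite_output');
// ... application logic runs after this point; its output passes through the callback.
```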
Note: We'll soon have an API for non-JS servers as well.
Here is a list of our resources you may need to deploy/integrate CSRFP in your web application:
PS: The wiki is still under development. Please create a GitHub issue for any correction.