Saturday, April 12, 2008

CSRF Solutions

The problem: CSRF.

Jeremiah Grossman's explanation of the problem at RSA 08 :
http://www.slideshare.net/guestdb261a/csrfrsa2008jeremiahgrossman-349028/

OWASP CSRF Overview:
http://www.owasp.org/index.php/CSRF

Testing for CSRF:
http://www.owasp.org/index.php/CSRFTester

Java Filter for CSRF Protection:
http://www.owasp.org/index.php/CSRF_Guard

Java ESAPI Defense:
org.owasp.esapi.HTTPUtilities.addCSRFToken(String href)

Plaform's with built-in CSRF defense:
Drupal.org

Monday, April 7, 2008

ha.ckers.org pwnd?

It's strange and disheartening to see ha.ckers.org "down" this evening. I hope it's only unscheduled maintenance. I would hate to see the pwnders get pwnd!

Another interesting note: ha.ckers.org uses Wordpress? Ewwwwwwwwwwwwwwwwwww