Thursday, March 24, 2011

Anti-CSRF Defense: HTTP_Referer Check, A Common Mistake

Simply validating the hostname in the HTTP Referer header, a widely deployed quick anti-CSRF defense, can easily be bypassed if it is not done correctly.
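An added example (not code from the original post) that contrasts a substring-based Referer hostname check with one that parses the header and compares scheme, exact host and port. The origin `shop.example.com`, the function names and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed for illustration: the site's own origin. Not from the original post.
ALLOWED_ORIGINS = {("https", "shop.example.com", 443)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def naive_referer_ok(referer: str) -> bool:
    """Common mistake: look for the hostname anywhere in the header value."""
    return "shop.example.com" in (referer or "")


def strict_referer_ok(referer: str, allow_missing: bool = False) -> bool:
    """Parse the Referer and compare scheme, exact host and port."""
    if not referer:
        # Clients and referrer policies can strip the header; decide explicitly.
        return allow_missing
    try:
        parts = urlsplit(referer.strip())
        port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    except ValueError:  # malformed port or bracketed host
        return False
    host = parts.hostname or ""  # urlsplit lowercases it and drops userinfo
    return (parts.scheme, host, port) in ALLOWED_ORIGINS


# Constructed sample headers using reserved .test/.example names.
SAMPLES = [
    "https://shop.example.com/account/email",     # genuine same-origin
    "https://shop.example.com:443/cart",          # explicit default port
    "https://shop.example.com.other.test/form",   # hostname as a prefix label
    "https://other.test/shop.example.com/form",   # hostname in the path
    "https://other.test/?next=shop.example.com",  # hostname in the query
    "https://shop.example.com@other.test/form",   # hostname as userinfo
    "http://shop.example.com/account/email",      # right host, wrong scheme
    "",                                           # header absent
]


def compare(samples=SAMPLES):
    """Return (header, naive_result, strict_result) for each sample."""
    return [(s, naive_referer_ok(s), strict_referer_ok(s)) for s in samples]


if __name__ == "__main__":
    for header, naive, strict in compare():
        print(f"naive={naive!s:5} strict={strict!s:5} {header!r}")
```

Whether a request with no Referer is accepted is a separate policy decision, which is why `allow_missing` is explicit and defaults to rejecting.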


secure configurations for Laravel - The PHP Framework

This framework makes security simple to achieve.  Out of all non-default settings, the following few can be set to achieve higher secu...