Protection against CSRF part 2
Published: Tue, 21 Aug 2007 08:39:20 GMT
Updated: Sat, 22 Mar 2025 15:38:03 GMT
Continuing from my previous post, I have decided to provide demos of a lot of the techniques discussed. These techniques won't make your site 100% secure, but they will help reduce the risk of attack. Remember that you still need to protect against XSS: these techniques will not stop your site from being attacked with XSS.
I created the following techniques whilst investigating OpenID security, and I found that many sites do not even employ a form token for site requests. The code is currently being developed, but I hope it provides a good base for improving the security of your site.