Protection against CSRF part 2


Author: Gareth Heyes (@hackvertor)

Published: Tue, 21 Aug 2007 08:39:20 GMT

Updated: Sat, 22 Mar 2025 15:38:03 GMT

Continuing from my previous post, I have decided to provide demos of a lot of the techniques discussed. These techniques won't make your site 100% secure, but they will help reduce the risk of attack. Remember you need to protect against XSS, and these techniques will not stop your site from being attacked with XSS.

I created the following techniques whilst investigating OpenID security, and I found many sites do not even employ a form token for site requests. The code is currently being developed, but I hope it provides a good base for improving the security of your site.

CSRF Demos
