csrf for JForum without javascript

Main menu:

Topics

Recent Posts

Blog

September 2014
M T W T F S S
« Aug    
1234567
891011121314
15161718192021
22232425262728
2930  

Past Posts

Java/Java EE

JDBC

Other

Archive for category JavaRanch

csrf for JForum without javascript

March 23rd, 2013 by Jeanne Boyarsky

In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF.  In included; Analysis Extending OWASP Problems Remaining problems Unfortunately, there were three remaining problems. Some mobile devices weren’t able to handle the JavaScript which added the tokens.  Meaning our site didn’t work on all mobile devices. […]

fixing csrf for jforum and csrf filter analysis (part 1)

February 9th, 2013 by Jeanne Boyarsky

This post goes through how we fixed CSRF (cross site request forgery) in JForum, issues encountered and approach.  It is useful reading for anyone who needs to protect against CSRF on their website. Background Stock JForum has a number of security vulnerabilities.  We’ve fixed a lot of the XSS ones.  We hadn’t fixed CSRF as […]

csrf – jforum cleanup and problems

February 9th, 2013 by Jeanne Boyarsky

See part 1 for how we got here  and part 2 for how we changed the OWASP filter. Code cleanup and problems There is some poorly written code in JForum that CSRF now prevents from working.  In these cases, I needed to clean up our code.  For example: Links/anchors shouldn’t be used to update state.  They […]