fixing clickjacking and brute force login for jforum

Archive for category JavaRanch

fixing clickjacking and brute force login for jforum

September 28th, 2014 by Jeanne Boyarsky

I’ve been blogging about some of the security fixes we’ve made in the CodeRanch fork of JForum, such as XSS with quotes and CSRF. Today it is time to write about Clickjacking and preventing brute force logins. Clickjacking: Clickjacking is an attack where someone includes your site in transparent frames and the attacker intercepts anything […]

csrf for JForum without javascript

March 23rd, 2013 by Jeanne Boyarsky

In February, I wrote a three part series on how we fixed JForum on coderanch to protect from CSRF. It included: Analysis; Extending OWASP; Problems. Remaining problems: Unfortunately, there were three remaining problems. Some mobile devices weren’t able to handle the JavaScript which added the tokens, meaning our site didn’t work on all mobile devices. […]

fixing csrf for jforum and csrf filter analysis (part 1)

February 9th, 2013 by Jeanne Boyarsky

This post goes through how we fixed CSRF (cross site request forgery) in JForum, the issues encountered and our approach. It is useful reading for anyone who needs to protect against CSRF on their website. Background: Stock JForum has a number of security vulnerabilities. We’ve fixed a lot of the XSS ones. We hadn’t fixed CSRF as […]