OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Cross-Site Request Forgery Prevention Cheat Sheet #1215

Closed phalgunv closed 11 months ago

phalgunv commented 11 months ago

What is missing or needs to be updated?

The Wikipedia page for CSRF mentions the cookie-to-header token as an anti-CSRF technique. https://en.wikipedia.org/wiki/Cross-site_request_forgery#Cookie-to-header_token

How should this be resolved?

The cheat sheet should be updated to mention the same.

szh commented 11 months ago

I agree, this cheat sheet should be updated to include this. Would you like to work on this and submit a PR?

phalgunv commented 11 months ago

Sure, I'll be happy to raise a PR.

phalgunv commented 11 months ago

I'm on vacation now, will take a stab at this sometime next week.