Data dodania Pytanie
2017-12-03 09:12 OWASP CSRFGuard »
I'm trying to use CSRFGuard in order to use the anti csrf token as written in owasp csrfguard. I've added to my project everything needed (exactly as...
(0) odpowiedzi
2017-11-21 08:11 Extjs Hidden Iframe requests are missing OWASP CSRF token »
Recently we have implemented OWASP CSRF security token concept to handle CSRF attacks. I used below links as reference to implement https://www.owas...
(1) odpowiedzi
2017-11-08 21:11 OWASP CSRF Token Hijacking Fix »
Could someone please help me understand why OWASP had to make this change to their reference implementation https://github.com/aramrami/OWASP-CSRFGua...
(1) odpowiedzi
2017-09-07 15:09 RangeError when implementing CSRFGuard javascript with EJS »
Configuration in the backend for csrfguard is completed successfully. The token generates (this is the modified javascript and is correct): /** ...
(0) odpowiedzi
2017-08-08 00:08 Is it possible for a mobile app request to be sniffed even if https? »
We are developing a hybrid mobile application and for certain function calls, there is a url called. Here is a sample request for getting user informa...
(1) odpowiedzi
2017-08-01 14:08 Owasp CsrfGuard in Struts 1.x »
I am modifying a legacy application using Struts 1.x. I want to integrate CsrfGuard 3.0 for cross-site protection using a token per session (not per p...
(0) odpowiedzi
2017-04-09 13:04 Implementing OWASP error on Tomcat :required token is missing from the request »
I am using Tomcat 8.5 on Windows Server 2012 and have tried to implement CSRF protection This question is similar to CSRFGuard : required token is m...
(0) odpowiedzi
2017-03-26 13:03 Implementing oWasp CSRF Guard - The method getContextPath() is undefined for the type ServletContext »
The following code from oWasp CSRF Guard https://github.com/aramrami/OWASP-CSRFGuard generates the following error: (compiling under Java 7, Eclipse) ...
(0) odpowiedzi
2017-01-31 12:01 How to get CSRF token on authorization request with OWASP ZAP in bruteforce mode »
I am a new in OWASP ZAP, so I need your help. I have vulnerability site - DVWA. I am trying to work on token (CSRF) in bruteforce. When page load I ...
(1) odpowiedzi
2017-01-04 17:01 Rails Brakeman SQL injection warning while accessing an oracle view/function »
I have rails code that is consuming an oracle view/function. This is my code: def run_query connection.exec_query( "SELECT * FROM TABLE(FN...
(1) odpowiedzi
2016-12-07 00:12 jCaptcha java API security issue »
We are using jCaptcha (Altassian) java API in our project. Refer the implementation: https://jcaptcha.atlassian.net/wiki/display/general/5+minutes+app...
(0) odpowiedzi
2016-12-01 12:12 OWASP ZAP: send CSRF to scan restricted sites »
I'm trying to auto login to a web page (which i wan't to crawl and scan) via Form-based authentication (ZAP/Session Management/Context). Unfortunately...
(0) odpowiedzi
2016-11-25 09:11 OWASP HTML Sanitizer cleans comments »
I have application where customer can store following html lines in order to load different styles for actual browser: <!--[if IE 6]><link r...
(0) odpowiedzi
2016-10-03 17:10 csrfguard token not added for jquery plugin call »
we are using CSRFGuard 3.1.0 in our web project. We have added the all the configurations - references in web.xml , javascriptservlet in html page , ...
(0) odpowiedzi
2016-09-14 21:09 CSRFGuard landing page not displaying »
I am trying to get CSRFGuard from the OWSAP github to work, but when I place the following code in the web.xml file, my app fails to load the default ...
(0) odpowiedzi
2016-09-07 22:09 CSRFGuard : CSRF Token becomes invalid once Session timeouts on Login page »
How to handle CSRF Token becomes invalid once Session timeouts on Login page when using CSRFGuard. I need to avoid page refresh to keep session alive....
(0) odpowiedzi
2016-08-23 02:08 Tool to check known vulnerabilities in php project using composer »
I am working on a php project that uses composer but some of the dependencies are very old, including the php version. We are trying to convince the c...
(1) odpowiedzi
2016-07-30 12:07 OWASP CsrfGuard throwing IllegalArgumentException and NullPointerException »
I’m trying to implement OWASP CsrfGuard in my Spring MVC based web application, I followed the instructions to OWASP site to configure it but when m...
(0) odpowiedzi
2016-06-24 22:06 Issue with CSRFGUARD: Uncaught SyntaxError: Failed to execute 'setRequestHeader' on 'XMLHttpRequest': '/** »
I am currently using CSRFGuard 3.1 on an application and everything works fine in Internet Explorer but I am getting the following error in CHROME Un...
(0) odpowiedzi
2016-06-20 18:06 How to send Owasp CSRF token with httpclient »
I do a http POST with commons httpclient in one of my jsp files. For that I need to send the CSRF token along with. I am using the OWasp CSRF guard. A...
(0) odpowiedzi
2016-04-20 12:04 Spring Security CSRF protection of REST backend - transfer Synchronizer Token Pattern to the client »
I read a lot about Spring Securitys CSRF protection, but i still struggle a little bit. Now the documentation is great as usual, but it's completely b...
(0) odpowiedzi
2016-02-03 04:02 Are there reason why web devs dont use CSRF for login pages »
I recently realized that a few production web applications I was running. Diddnt have csrf protection for the login page. It is only after authentic...
(2) odpowiedzi
2016-01-26 13:01 Why should I put a CSRF token in a JWT token? »
I want to bring a doubt about JWT tokens and CSRF from the Stormpath post that explain the advantages and disadvantages of storing the JWT either in l...
(1) odpowiedzi
2015-12-14 13:12 OWASP csrfguard not loading css on first visit »
I implemented the csrfguard in my project and everything is working fine but when I load a page it first loads the html without layout and after a ref...
(0) odpowiedzi
2015-11-30 14:11 OWASP CSRFGuard error »
Inside an application, I am trying to integrate CSRFGuard library in order to prevent CSRF attacks. Today, I am facing a problem: I can't access a pa...
(0) odpowiedzi
2015-11-17 05:11 CSRF and OWASP ZAP »
We have a Grails application and we are currently doing some OWASP ZAP security scan. There has been some Anti CSRF Tokens Scanner alerts that have co...
(1) odpowiedzi
2015-10-09 17:10 Web Security: Preventing CSRF attack »
I am following this tutorial for an application based in spring framework 3.2.4 http://springdiaries.blogspot.be/2012/12/web-security-preventing-csrf...
(0) odpowiedzi
2015-10-09 13:10 Key for session.getAttribute() is null using OWASP_CSRFTOKEN on a spring framework 3.2.4 app »
I am adding OWASP.CsrfGuard.jar to my spring 3.2.4 application to prevent CSRF attacks (CSRF is an attack which forces an end user to execute unwanted...
(0) odpowiedzi
2015-10-08 10:10 Setting Owasp.CsrfGuard.properties in a Spring framework application »
I am adding OWASP.CsrfGuard.jar to my spring 3.2.4 application to prevent CSRF attacks, but I am not sure how to config it. The entry point of my appl...
(0) odpowiedzi
2015-09-21 10:09 CSRF Guard on Grails »
I would just like to ask if there's anyone who already have used CSRFGuard on a Grails project? I tried to make it work on my Grails application but O...
(0) odpowiedzi