Advanced CSRF and Stateless Anti-CSRF - owasp
Triple Submit (CSRF protection)

Random HttpOnly cookie
Cookie value as request parameter
Stateful: Cookie name saved in server session
Stateless: Server only accepts one such cookie (checks format)
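
The two server-side checks listed above, as an added example that is not part of the original slides. The `CSRF_` name prefix, the hex lengths, the `Path` and `Secure` attributes and all function names are assumptions, since the slide does not specify a cookie format.

```python
import hmac
import re
import secrets

# Assumed format (the slide gives none): name = "CSRF_" + 32 hex chars, value = 64 hex chars.
NAME_RE = re.compile(r"CSRF_[0-9a-f]{32}")
VALUE_RE = re.compile(r"[0-9a-f]{64}")


def issue_token():
    """Create a cookie with a random name and value; return (name, value, Set-Cookie header)."""
    name = "CSRF_" + secrets.token_hex(16)
    value = secrets.token_hex(32)
    return name, value, f"{name}={value}; Path=/; Secure; HttpOnly"


def parse_cookies(cookie_header):
    """Split a Cookie request header into (name, value) pairs, keeping duplicates."""
    pairs = []
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs.append((name, value))
    return pairs


def _equal(cookie_value, param_value):
    # Both sides must be well-formed before the constant-time comparison.
    if not isinstance(param_value, str):
        return False
    if not (VALUE_RE.fullmatch(cookie_value) and VALUE_RE.fullmatch(param_value)):
        return False
    return hmac.compare_digest(cookie_value, param_value)


def validate_stateless(cookie_header, param_value):
    """Stateless: exactly one cookie may match the format, and it must equal the parameter."""
    found = [v for n, v in parse_cookies(cookie_header) if NAME_RE.fullmatch(n)]
    return len(found) == 1 and _equal(found[0], param_value)


def validate_stateful(cookie_header, param_value, name_in_session):
    """Stateful: only the cookie whose name was saved in the server session is consulted."""
    found = [v for n, v in parse_cookies(cookie_header) if n == name_in_session]
    return len(found) == 1 and _equal(found[0], param_value)
```

In the stateless variant a second cookie matching the format causes rejection, because the server has no record of which name it issued.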