Total 4 Posts

Cross-Site Request Forgery is dead!

After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies. As old as the Web itself Cross-Site Request Forgery, also known as CSRF…

Continue Reading

Let your framework do the heavy lifting

I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a CSRF attack, but there was a big focus on building a 'bespoke' solution. Cross-Site Request Forgery explained CSRF can be…

Continue Reading