Win a copy of Micro Frontends in Action this week in the Server-Side JavaScript and NodeJS forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10

 
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am addressing some of the Ethical hack vulnerabilites to my web site like Cross site scripting, sql injection and others.
Now I am trying to incorporate the Cross-Site Request Forgery(CSRF) prevention in Struts 1.3.10.
Is struts having any feature like this or how to achieve it in struts? PLease throw some light on it. thanks.
 
Mike Thomson
Ranch Hand
Posts: 121
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
any help?
 
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have not used either yet, but I'm looking at HDIV (www.hdiv.org) and OWASP (http://www.owasp.org/index.php/CSRF_Guard). HDIV looks more efficient, as the OWASP CSRFGuard parses the HTML produced by the Web App.
 
Barry's not gonna like this. Barry's not gonna like this one bit. What is Barry's deal with tiny ads?
Building a Better World in your Backyard by Paul Wheaton and Shawn Klassen-Koop
https://coderanch.com/wiki/718759/books/Building-World-Backyard-Paul-Wheaton
reply
    Bookmark Topic Watch Topic
  • New Topic