CodeIgniter doesn't have a protection mechanism against XSRF/CSRF attacks. CISRF is a CodeIgniter helper that tries to patch this flaw. The code was developped and tested under CodeIgniter 1.7.1 and needs PHP 4.3+ to work properly.

=Introduction= PHP doesn't have any function or mechanism for CSRF vulnerabilities. Developers must implement their own functions to defend against this vulnerability. So, I have coded a small one-time-token library. *Some features of secureToken* : * Provides strong entropy for brute-force...

===Présentation=== CSRForm est une classe PHP5 qui facilite l'exploitation des failles de type CSRF (Cross Site Request Forgeries). ===Fonctionnement=== La classe CSRForm génère un formulaire invisible à la victime qui va s'auto-soumettre à l'aide d'une méthode javascript. ===Le petit plus==...

http://www.md5-db.com/Logo.png *Welcome to the code base of the .NETIDS (.NET Intrusion detection System). This tool is capable of detecting on attacks on web applications and gives the developer the possibility to react. The project files include filter rules and function stubs to react on possi...

<strong>OWASP ESAPI for Java: Strong, Simple Security Controls for Java Developers</strong> Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OW...

*OWASP ESAPI for PHP: Strong, Simple Security Controls for PHP Developers* Don’t write your own security controls! Reinventing the wheel when it comes to developing security controls for every web application or web service leads to wasted time and massive security holes. The OWASP Enterprise Sec...

Welcome to the distribution repository for the OWASP AntiSamy project (http://www.owasp.org/index.php/AntiSamy) is a collection of APIs for safely allowing users to supply their own HTML and CSS without exposing the site to XSS vulnerabilities. The methodology of AntiSamy is unique in that it is ...

The purpose of the ESAPI is to provide a simple interface that provides all the security functions a developer is likely to need in a clear, consistent, and easy to use way. The ESAPI architecture is very simple, just a collection of classes that encapsulate the key security operations most applicat...

The purpose of the .NET ESAPI is to provide a simple interface that provides all the ordinary security functions a developer is likely to need in a clear, consistent, and easy to use way. The .NET ESAPI architecture is very simple, just a collection of classes that encapsulate the key security op...

Brawler is the vision of a completely new scanner software to check web applications for common and generic security issues, completely written in PHP, highly extendable and tight. No third party software – except php for itself – is used. First release will come soon. Meanwhile check out the pr...