(added requirement to CSRF protection to ensure tokens are tied to the session) |
|||
Line 235: | Line 235: | ||
* Characteristics of a CSRF Token | * Characteristics of a CSRF Token | ||
** Unique per user & per user session | ** Unique per user & per user session | ||
** Tied to the session | |||
** Large random value | ** Large random value | ||
** Generated by a cryptographically secure random number generator | ** Generated by a cryptographically secure random number generator |
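Review bot: The added bullet "Tied to the session" sits directly under "Unique per user & per user session" and reads as a near-duplicate of it, without saying what the binding means or that the server has to check it. Consider phrasing it as a verifiable requirement, for example "Tied to the session it was issued for; the server rejects a token presented with any other session". That keeps it distinct from uniqueness: a token can be unique per session and still be accepted under a different session if validation only checks that the token is one the server issued.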