(added requirement to CSRF protection to ensure tokens are tied to the session)
m (→Preventing CSRF: clarified session tying)
Line 235: | Line 235: | ||
* Characteristics of a CSRF Token | * Characteristics of a CSRF Token | ||
** Unique per user & per user session | ** Unique per user & per user session | ||
** Tied to | ** Tied to a single user session | ||
** Large random value | ** Large random value | ||
** Generated by a cryptographically secure random number generator | ** Generated by a cryptographically secure random number generator |
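Review bot: the new right-column bullet "** Tied to a single user session" largely restates the bullet two lines above it, "** Unique per user & per user session", and neither bullet says where the tie is enforced. Suggest either merging the two or giving the new bullet the requirement the edit summary describes: the server stores the token with the session and rejects any request whose token does not match the one stored for the current session, so a token obtained in one session cannot be replayed in another. Note also that the left column's "** Tied to" is a truncated line, so this hunk completes a cut-off bullet rather than adding a wholly new requirement; the edit summary "added requirement" overstates it.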