May 27, 2011

Cross Site Request Forgery (CSRF): Related Resources and References

What is CSRF?
https://www.owasp.org/index.php/CSRF

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet

The Cross-Site Request Forgery (CSRF/XSRF) FAQ
http://www.cgisecurity.com/csrf-faq.html

A study of whether ViewState can prevent CSRF - ViewStateUserKey Doesn’t Prevent Cross-Site Request Forgery
http://alexsmolen.com/blog/?p=21

An open source project on OWASP for addressing CSRF - .Net CSRF Guard
https://www.owasp.org/index.php/.Net_CSRF_Guard

An open source project on Codeplex for addressing CSRF - AntiCSRF
http://anticsrf.codeplex.com/

Explanation of CSRF and how to implement its prevention, from the book Beginning ASP.NET Security (pages 69~80)
http://www.amazon.com/Beginning-ASP-NET-Security-Wrox-Programmer/dp/0470743654