Scanning sites with anti-CSRF tokens



Scanning sites with anti-CSRF tokens enabled is a really hard task to achieve, since the CSRF token implementation can be really strict and make the whole scan useless. I want to perform these tasks:

1. Identify the top 3 methods for CSRF (hidden form param, cookie? special header?)
2. Identify the top 3 implementations (maybe: Django, Ruby, Zend-PHP) and create test applications
3. Write tests that scan these three test applications
4. Modify the framework to PASS these tests
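As an added illustration (not code from this project), the snippet below shows the minimum a scanner's request layer has to do to keep coverage on token-protected forms: scrape the hidden token field from the page it just fetched and replay it on submit, and mirror a token cookie into the corresponding request header. The field and cookie names are assumptions based on Django's and Rails' defaults, and the HTML is a constructed sample.

```python
from html.parser import HTMLParser

# Hidden-field names used by common frameworks (assumed: Django, Rails, generic).
KNOWN_TOKEN_FIELDS = {"csrfmiddlewaretoken", "authenticity_token", "csrf_token", "_token"}

# Cookie -> header pairs for the cookie/header style (assumed Django default names).
COOKIE_TO_HEADER = {"csrftoken": "X-CSRFToken"}


class _HiddenInputs(HTMLParser):
    """Collect every <input type="hidden"> name/value pair in a page."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value") or ""


def extract_csrf_tokens(html):
    """Return the hidden inputs that look like anti-CSRF tokens."""
    p = _HiddenInputs()
    p.feed(html)
    return {n: v for n, v in p.fields.items()
            if n in KNOWN_TOKEN_FIELDS or "csrf" in n.lower()}


def build_submission(html, cookies, form_data):
    """Merge the scanner's form data with freshly scraped tokens and the
    cookie-derived header, so the replayed request is not rejected."""
    data = dict(form_data)
    data.update(extract_csrf_tokens(html))  # token from the fetched page wins
    headers = {h: cookies[c] for c, h in COOKIE_TO_HEADER.items() if c in cookies}
    return data, headers


# Constructed sample page, not taken from any real application.
SAMPLE_HTML = """<form method="post" action="/profile">
<input type="hidden" name="csrfmiddlewaretoken" value="abc123">
<input type="hidden" name="next" value="/">
<input type="text" name="email">
</form>"""

if __name__ == "__main__":
    print(build_submission(SAMPLE_HTML, {"csrftoken": "abc123"}, {"email": "a@b.test"}))
```

A scanner that skips this step sends stale or missing tokens and every mutating request is rejected, which is why the scan results become useless.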