Principal Consultant Subu Ramanathan explains the groundbreaking solution needed to eradicate CSRF

August 13, 2013

Can We End CSRF With Header-Based Browser Policies?

Newly proposed Storage Origin Security (SOS) policy presented at Black Hat could offer a simpler way to combat cross-site request forgery

As the security community continues to look for easier ways to mitigate the risk of all-too-common Cross-Site Request Forgery (CSRF) attacks, many within the industry have lamented the difficulties that make it tough to do CSRF token deployment just right. With so many moving parts, CSRF tokens are frequently used insecurely, if at all. That is why a pair of researchers from Qualys are now proposing a new header-based browser policy that they say could effect a much simpler and, therefore, more broadly effective means of countering CSRF attack techniques.

Read the rest here: https://www.darkreading.com/risk/can-we-end-csrf-with-header-based-browser-policies/d/d-id/1140295 
