什麼是CSRF?
https://www.owasp.org/index.php/CSRF
Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
http://www.cgisecurity.com/csrf-faq.html
ViewState是否能預防CSRF之研究 - ViewStateUserKey Doesn’t Prevent Cross-Site Request Forgery
http://alexsmolen.com/blog/?p=21
OWASP上針對解決CSRF的Open Source專案 - .Net CSRF Guard
https://www.owasp.org/index.php/.Net_CSRF_Guard
Codeplex上針對解決CSRF的Open Source專案 - AntiCSRF
http://anticsrf.codeplex.com/
Beginning ASP.NET Security一書(69~80頁)中針對CSRF的解釋與預防實作
http://www.amazon.com/Beginning-ASP-NET-Security-Wrox-Programmer/dp/0470743654
1 comment:
Thanks for this blog post
Post a Comment