Fwd: The Encrypted Token Pattern CSRF Defence
19 views
Skip to first unread message
Claudia Casanovas
Feb 12, 2016, 4:22:07 PM2/12/16
to owasp-project-reviews
Adding Project Review Team
--
---------- Forwarded message ----------
From: Claudia Casanovas <claudia.avil...@owasp.org>
Date: Fri, Feb 12, 2016 at 1:20 PM
Subject: Re: The Encrypted Token Pattern CSRF Defence
To: Owen Pendlebury <owen.pe...@owasp.org>
Cc: Paul Mooney <pa...@daishisystems.com>, johanna curiel curiel <johanna...@owasp.org>
--
From: Claudia Casanovas <claudia.avil...@owasp.org>
Date: Fri, Feb 12, 2016 at 1:20 PM
Subject: Re: The Encrypted Token Pattern CSRF Defence
To: Owen Pendlebury <owen.pe...@owasp.org>
Cc: Paul Mooney <pa...@daishisystems.com>, johanna curiel curiel <johanna...@owasp.org>
Hi Paul,
Please review the following links and you can get started in the Process of Starting a New Project.
Once you have submitted your information I can then set up the wiki page for you. The example of the wiki page is below:
You can set your idea into a wiki page under the project idea category using this template:
Please let me know if you have questions.
On Fri, Feb 12, 2016 at 12:42 PM, Owen Pendlebury <owen.pe...@owasp.org> wrote:
Hi Johanna/ Claudia,Paul cc'd on this mail is interested in getting bringing his project to OWASP. Could you let him know what he needs to do.ThanksOwen
On Friday 12 February 2016, Paul Mooney <pa...@daishisystems.com> wrote:Hi Owen,Thanks for reaching out. Yes, I'm very keen to progress with this. What's the next step involved?PaulOn Thu, Feb 11, 2016 at 7:41 PM, Owen Pendlebury <owen.pe...@owasp.org> wrote:Hi Paul,Its been a while but the guys in the project department have sent this on in case you are still interested in making your project an OWASP project. Please see below---------- Forwarded message ----------
From: johanna curiel <johanna...@owasp.org>
Date: 11 February 2016 at 19:33
Subject: Re: The Encrypted Token Pattern CSRF Defence
To: OWASP PROJECT IDEAS <owasp-pro...@owasp.org>
Cc: Claudia Casanovas <Claudia.Avil...@owasp.org>Hi OwenAre you still interested to kick off this potential project?Please let us know, we rare trying to revive the project ideas into a pool of project and resourcesYou can set your idea into a wiki page under the project idea category using this template:If you need assistance let us knowCheersJohanna
On Thursday, June 18, 2015 at 3:02:42 PM UTC-4, Owen Pendlebury wrote:The Encrypted Token Pattern CSRF Defence
Blurb
The Encrypted Token Pattern is a defence mechanism against Cross Site Request Forgery (CSRF)
attacks, and is an alternative to its sister-patterns; Synchroniser Token, and Double Submit Cookie.
This article discusses the merits and means of implementing this defence mechanism in web-based
applications.
Brief Description
The Encrypted Token Pattern leverages a single token, as opposed to dual tokens, and offers a more
narrow scope of failure than alternative CSRF protection patterns.
Leveraging the Encrypted Token Pattern
The Advanced Resilient Mode of Recognition (ARMOR) is a C# implementation of the Encrypted
Token Pattern, available on GitHub under the MIT license that provides a means of protecting
ASP.NET applications from CSRF attacks, by leveraging the Encrypted Token Pattern. A Java
equivalent of ARMOR is under construction and will be available soon.
ARMOR
ARMOR is a framework composed of interconnecting components exposed through custom web-
handlers. ARMOR is essentially an advanced encryption and hashing mechanism, leveraging the
Rijndael encryption standard, and SHA256 hashing by default.
Creator Bio
http://insidethecpu.com/about/To view this discussion on the web visit https://groups.google.com/a/owasp.org/d/msgid/owasp-project-ideas/ed2e6d63-c28e-4a71-9bd4-e15107bf4b46%40owasp.org.--
You received this message because you are subscribed to the Google Groups "OWASP PROJECT IDEAS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to owasp-project-i...@owasp.org.
To post to this group, send email to owasp-pro...@owasp.org.
--
--
Owen Pendlebury
OWASP Ireland-Dublin Chapter Lead
johanna curiel curiel
Feb 25, 2016, 6:49:33 PM2/25/16
to Paul Mooney, owasp-project-reviews, Claudia Casanovas, Owen Pendlebury
Hi Paul
If already submitted this information, and you have provided everything to setup the project, including a repository and content for the wiki, I assume is ready to be created
Cheers
Johanna
On Thu, Feb 25, 2016 at 7:35 PM, Paul Mooney <pa...@daishisystems.com> wrote:
Hi guys,Just wondering if there's been any movement on this since we last spoke.Thanks,Paul
Johanna Curiel
OWASP Volunteer
Paul Mooney
Feb 26, 2016, 6:49:31 AM2/26/16
to johanna curiel curiel, owasp-project-reviews, Claudia Casanovas, Owen Pendlebury
Hi Johanna,
Thanks for your reply. Would you forward the wiki location so that I can get started, please?
Thanks,
Paul
johanna curiel curiel
Feb 26, 2016, 7:16:41 AM2/26/16
to Paul Mooney, owasp-project-reviews, Claudia Casanovas, Owen Pendlebury
Hi Paul,
Here is the wiki page I created for you
I do not have access to the information you submitted through the form, but please go ahead and fill it in.
Let Claudia know when you are ready or reply to this email
I assume you have wiki access. When you are ready , let us know.
Cheers
Johanna
Paul Mooney
Feb 26, 2016, 7:25:09 AM2/26/16
to johanna curiel curiel, owasp-project-reviews, Claudia Casanovas, Owen Pendlebury
Hi Johanna,
Thanks! I'll let you know when complete.
Paul
Claudia Casanovas
Feb 26, 2016, 8:28:53 AM2/26/16
to Paul Mooney, johanna curiel curiel, owasp-project-reviews, Owen Pendlebury
Hi Paul,
Apologies for the delay on reviewing the content. Once the wiki is complete will add the project to the inventory list and assign an owasp mail account for you and a mailing list for your project.
@Johanna, - thank you for your help in getting assigning the wiki page to Paul.
Claudia
Reply all
Reply to author
Forward
0 new messages