Protection against CSRF part 2
By Gareth Heyes (@hackvertor)
Published 18 years 4 months ago • Last updated March 22, 2025
Continuing from my previous post, I have decided to provide demos of a lot of the techniques discussed. These techniques won't make your site 100% secure, but they will help reduce the risk of attack. Remember that you need to protect against XSS as well; these techniques will not stop your site from being attacked with XSS.
I created the following techniques whilst investigating OpenID security, and I found that many sites do not even employ a form token for site requests. The code is currently being developed, but I hope it provides a good base for improving the security of your site.
