Ars Technica

Study finds that AJAX toolkits don’t protect against JavaScript security vulnerabilities

A security advisory (PDF) issued by Fortify Software reveals that the vast majority of popular AJAX toolkits have no built-in security mechanisms to protect against JSON-based cross-site request ...
Information Age

How to fix the CSRF vulnerability in popular web frameworks?

True, CSRF is not as common nowadays, but it doesn’t mean it’s not harmful to a web app or website. On the contrary, it can cause big problems for your business and your users. The prominent examples ...
Dark Reading

Can We End CSRF With Header-Based Browser Policies?

As the security community continues to look for easier ways to mitigate the risk of all-too-common Cross-Site Request Forgery (CSRF) attacks, many within the industry have lamented the difficulties ...