
CSRFx - the youngest PHPIDS family member

Article written by .mario

We recently created a Google source code repository for CSRFx and a CSRFx Google group. Besides having a name that can't be pronounced by human tongue, this tool offers a way to protect existing PHP5-based web applications against CSRF attacks.

The tool lets the developer define request patterns that should be protected against CSRF. It is also possible to define request patterns that shouldn't be protected, to cover ranges like example.com/admin/whatever.

The implementation process is pretty easy. You just have to create a configuration file for your application (an example file for CakePHP is bundled, more will follow soon), define the request patterns, create the necessary database table, include the files First.php and Last.php via auto_prepend_file/auto_append_file and that’s it. You can of course also use your index.php for inclusion if that’s possible. We are already testing the tool on several live applications - so we can guarantee pretty good stability already.
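
As an added illustration (not CSRFx's own code and not taken from the project), this sketch shows the kind of check a file loaded via auto_prepend_file can make: decide from protect/exclude patterns whether a request needs a token, then compare the token in constant time. The patterns, the `csrf_token` field name, the array standing in for the database table, and the rule that exclusions take precedence are all assumptions; it needs PHP 7.4 or later.

```php
<?php declare(strict_types=1);
// Illustrative sketch, not CSRFx code; every name and pattern here is an assumption.
$protect = ['#^/account/#', '#^/admin/#'];  // constructed: paths that change state
$exclude = ['#^/admin/whatever#'];          // constructed: range left unprotected
function matchesAny(array $patterns, string $path): bool
{
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $path) === 1) return true;
    }
    return false;
}

// Exclusions win over protections (an assumption of this sketch).
function isProtected(string $path, array $protect, array $exclude): bool
{
    return !matchesAny($exclude, $path) && matchesAny($protect, $path);
}

// Issue one random token per store; the store stands in for session or database state.
function issueToken(array &$store): string
{
    return $store['csrf_token'] ??= bin2hex(random_bytes(32));
}

// The check a prepended file would run before any application code executes.
function requestAllowed(string $path, array $params, array $store, array $protect, array $exclude): bool
{
    if (!isProtected($path, $protect, $exclude)) {
        return true;
    }
    $expected = $store['csrf_token'] ?? '';
    $supplied = $params['csrf_token'] ?? '';
    // Constant-time comparison; a missing, empty or non-string token never passes.
    return $expected !== '' && is_string($supplied) && hash_equals($expected, $supplied);
}

// Constructed requests standing in for $_SERVER, $_REQUEST and $_SESSION.
$session = [];
$token = issueToken($session);
$cases = [
    ['/account/delete', ['csrf_token' => $token]],    // protected path, valid token
    ['/account/delete', []],                          // protected path, token missing
    ['/account/delete', ['csrf_token' => 'forged']],  // protected path, wrong token
    ['/admin/whatever/list', []],                     // inside the excluded range
    ['/blog/post/1', []],                             // matches no protect pattern
];
foreach ($cases as [$path, $params]) {
    printf("%-22s %s\n", $path, requestAllowed($path, $params, $session, $protect, $exclude) ? 'allowed' : 'rejected');
}
```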

If you'd like to play with it, just grab the sources. Comments, questions and contributions are greatly appreciated as usual. Have fun!
