Defending the Web Browser

There is a foolproof defense against CSRF for the truly paranoid: change browsing habits. Its level of protection, though, is directly proportional to the level of inconvenience. Only visit one Web site at a time, avoiding multiple browser windows or tabs. When finished with a site, use its logout mechanism rather than just closing the browser or moving on to the next site. Don't use any “remember me” or autologin features if the Web site offers them – an effective prescription perhaps, but one that quickly becomes inconvenient.

Internet Explorer 8 and Browser Extensions

Internet Explorer 8 introduced the X-FRAME-OPTIONS response header to help site developers control how the browser will render content within a frame. ...
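The behaviour the header asks for can be modelled in a few lines. The Python below is an added example, not code from the book or from any browser: `frame_allowed` applies the two directives IE8 shipped with (`DENY` and `SAMEORIGIN`) the way a conforming browser would when deciding whether a framed page renders, and `add_frame_options` is a small WSGI wrapper that stamps the header onto every response so the decision is made on the site's terms rather than left to the default. The host names `bank.example` and `evil.example` and the `hello_app` application are constructed for the demonstration.

```python
"""How a browser applies X-Frame-Options, and how a site sets it.

Added example (not from the book). Directive handling follows the
original IE8 semantics: DENY blocks framing everywhere, SAMEORIGIN
allows it only when the top-level page shares the framed page's origin.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url: str) -> tuple:
    """Return the (scheme, host, port) triple that defines a URL's origin."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    return (parts.scheme.lower(), parts.hostname, port)


def frame_allowed(header_value, framed_url: str, top_url: str) -> bool:
    """Decide whether framed_url may render inside a frame on top_url.

    header_value is the X-Frame-Options value sent with framed_url, or
    None when the response carried no such header.
    """
    if header_value is None:
        return True  # no header: pre-IE8 behaviour, any page may frame it
    directive = header_value.strip().upper()
    if directive == "DENY":
        return False
    if directive == "SAMEORIGIN":
        return origin_of(framed_url) == origin_of(top_url)
    # Assumption for this model: an unrecognised value is treated as if the
    # header were absent. Real browsers differ on malformed values.
    return True


def add_frame_options(app, policy: str = "DENY"):
    """Wrap a WSGI app so every response carries one X-Frame-Options header."""
    def wrapped(environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Drop any value the app set, then add the site-wide policy.
            kept = [(k, v) for k, v in headers if k.lower() != "x-frame-options"]
            kept.append(("X-Frame-Options", policy))
            return start_response(status, kept, exc_info)
        return app(environ, patched_start_response)
    return wrapped


def hello_app(environ, start_response):
    """Constructed minimal WSGI app standing in for a real account page."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"account page"]


def collect_response(app, environ=None):
    """Run a WSGI app once and return (status, headers, body) for inspection."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        captured["headers"] = list(headers)

    body = b"".join(app(environ or {"REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    page = "https://bank.example/transfer"
    for value in (None, "DENY", "SAMEORIGIN"):
        for top in ("https://bank.example/home", "https://evil.example/decoy"):
            print(f"{str(value):10} framed by {top:30} -> {frame_allowed(value, page, top)}")
    status, headers, _ = collect_response(add_frame_options(hello_app, "SAMEORIGIN"))
    print(status, headers)
```

Setting the header at the server edge (the wrapper above, or the equivalent in a reverse proxy) rather than in individual page handlers is the usual choice, because a single forgotten handler is enough to leave a framable page; the `SAMEORIGIN` branch also shows why scheme and port are part of the comparison, not just the host name.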