Ars Technica

Study finds that AJAX toolkits don’t protect against JavaScript security vulnerabilities

A security advisory (PDF) issued by Fortify Software reveals that the vast majority of popular AJAX toolkits have no built-in security mechanisms to protect against JSON-based cross-site request ...
Dark Reading

Can We End CSRF With Header-Based Browser Policies?

As the security community continues to look for easier ways to mitigate the risk of all-too-common Cross-Site Request Forgery (CSRF) attacks, many within the industry have lamented the difficulties ...
Hackaday

csrf token

One of the hackers over at Bitquark popped a shell on on the Oculus Developer Portal giving him full reign over the special admin panel inside. If he felt so inclined, this allowed him edit users, ...