Ari Elias-Bachrach
Ari Elias-Bachrach
Defensium
Silver Spring,
MD
USA
Biographical Sketch: In the course of implementing CSRF defenses in the extremely broad (over 3000 web applications) and diverse environment that is the NIH, I have found that not all CSRF defenses are created equal. A lot of research, experimentation, and conversations with vendors and developers have yielded an understanding of the wide variety of csrf defenses and their tradeoffs, which I would like to share with the industry at large.
Papers:
CSRF: not all defenses are created equal