Edit: I realized I didn't mention the multitude of other ways to discourage CSRF including re-authentication, CAPTCHA, referrer checking, etc. This article deals only with the "secret token" approach to stopping CSRF. CSRF ( Cross-Site Request Forgery...
Sent via OWASP ESAPI mailing list : The ESAPI.NET project is now available on Google code ( http://code.google.com/p/owasp-esapi-dotnet/ ). The ESAPI.NET project is an implementation of the original ESAPI code base ( http://code.google.com/p/owasp-esapi...