nosurf - CSRF protection middleware for Go.


nosurf is an HTTP package for Go that helps you prevent Cross-Site Request Forgery attacks. It acts like a middleware and is therefore compatible with basically any Go HTTP application. Even though CSRF is a prominent vulnerability, Go's web-related package infrastructure mostly consists of micro-frameworks that neither implement CSRF checks, nor should they.

http://godoc.org/github.com/justinas/nosurf
https://github.com/justinas/nosurf

Related Projects

csrf - gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services

  •    Go

gorilla/csrf is also compatible with middleware 'helper' libraries like Alice and Negroni. ...and then collect the token with csrf.Token(r) in your handlers before passing it to the template, JSON body or HTTP header (see below).

csurf - CSRF token middleware

  •    Javascript

Node.js CSRF protection middleware. Requires either a session middleware or cookie-parser to be initialized first.

fusker - Fusker is a static HTTP server that provides optional security features for HTTP/Socket.io

  •    CoffeeScript

You think you're one raw dog? fusker.nodester.com Come at me bro. Please see this for a working express example. It's as easy as app.use(fusker.express.check); Detectives/payloads are the same as they would be for the fusker HTTP server. Make sure fusker is the first piece of middleware added.

secure - HTTP middleware for Go that facilitates some quick security wins.

  •    Go

Secure is an HTTP middleware for Go that facilitates some quick security wins. It's a standard net/http Handler, and can be used with many frameworks or directly with Go's net/http package. Be sure to include the Secure middleware as close to the top (beginning) as possible (but after logging and recovery). It's best to do the allowed hosts and SSL check before anything else.


hacker101 - Hacker101

  •    Ruby

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons -- some covering multiple topics, some covering a single one -- and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.

play-pac4j - Security library for Play framework 2 in Java and Scala: OAuth, CAS, SAML, OpenID Connect, LDAP, JWT

  •    Java

The play-pac4j project is an easy and powerful security library for Play framework v2 web applications which supports authentication and authorization, but also logout and advanced features like CSRF protection. It can work with Deadbolt. It's based on Play 2.6 (and Scala 2.11 or Scala 2.12) and on the pac4j security engine v3. It's available under the Apache 2 license. The LogoutController logs out the user from the application.

GameOver

  •    PHP

Training and education about web security.

express-jwt-permissions - :vertical_traffic_light: Express middleware for JWT permissions

  •    Javascript

Middleware that checks JWT tokens for permissions, recommended to be used in conjunction with express-jwt. This middleware assumes you already have a JWT authentication middleware such as express-jwt.

OpenSC - Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend

  •    C

OpenSC provides a set of libraries and utilities to work with smart cards. Its main focus is on cards that support cryptographic operations and facilitate their use in security applications such as authentication, mail encryption and digital signatures. OpenSC implements the PKCS11 API so applications supporting this API (such as Mozilla Firefox and Thunderbird) can use it. On the card OpenSC implements the PKCS15 standard and aims to be compatible with every software/card that supports it.

express-paginate - Paginate middleware

  •    Javascript

Node.js pagination middleware and view helpers. v0.2.0+: As of v0.2.0, we now allow you to pass ?limit=0 to get infinite (all) results. This may impose security or performance issues for your application, so we suggest you to write a quick middleware fix such as the one below, or use rate limiting middleware to prevent abuse.

Security - Middleware for security and authorization of web apps.

  •    CSharp

Contains the security and authorization middlewares for ASP.NET Core. A list of community projects related to authentication and security for ASP.NET Core is provided in the documentation.

express-rate-limit - Basic rate-limiting middleware for express

  •    Javascript

Basic rate-limiting middleware for Express. Use it to limit repeated requests to public APIs and/or endpoints such as password reset. Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an addon store or trying out one of the excellent competing options.

express-gateway - A microservices API Gateway built on top of ExpressJS

  •    Javascript

Express Gateway is an API Gateway that sits at the heart of any microservices architecture, regardless of what language or platform you're using. Express Gateway secures your microservices and exposes them through APIs using Node.js, ExpressJS and Express middleware. Developing microservices, orchestrating and managing them can now be done insanely fast all on one seamless platform without having to introduce additional infrastructure. Express Gateway is commercially supported by LunchBadger. For more information about support plans please contact info@express-gateway.io.

session - Simple session middleware for koa

  •    Javascript

Simple session middleware for Koa. Defaults to cookie-based sessions and supports external stores. The cookie name is controlled by the key option, which defaults to "koa:sess". All other options are passed to ctx.cookies.get() and ctx.cookies.set() allowing you to control security, domain, path, and signing among other settings.

eXlent2k7

  •    PHP

eXlent2k7 is a CMS based on the most modern technologies (XHTML 1.1, CSS 2.1, PHP 5 objects, PDO, XML, DOM) with good security (CSRF protection, XSS prevention in template system, JavaScript can be disabled, SQL injection prevention in database class).

IIS Secure Parameter Filter (SPF)
SPF is an application security module for Microsoft IIS web servers. SPF provides instant out-of-the-box protection against Parameter Tampering, Cross-Site Scripting (XSS), URL Manipulation, Cross-Site Request Forgery (CSRF), and Session Hijacking/Replay attacks.

play-rest-security

  •    Java

The move towards Single Page Apps and RESTful services opens the door to a much better way of securing web applications. Traditional web applications use browser cookies to identify a user when a request is made to the server. This approach is fundamentally flawed and causes many applications to be vulnerable to Cross-Site Request Forgery (CSRF) attacks. When used correctly, RESTful services can avoid this vulnerability altogether. Before we go into the solution, let's recap the problem. HTTP is a stateless protocol. Make a request and get a response. Make another request and get another response. There is no correlation (i.e. "state") between these requests. This poses a problem when you need to identify a user to the system, because one request logs the user in and another request needs to tell the server who is making the request.

osprey - Generate Node.JS API middleware from a RAML definition

  •    Javascript

Generate API middleware from a RAML definition, which can be used locally or globally for validating API requests and responses. Osprey can be used as a validation proxy with any other API server. Just install the module globally and use the CLI to set up the application endpoint(s) to proxy, as well as the RAML definition to use. Invalid API requests will be blocked before they reach your application server.

express-brute - Brute-force protection middleware for express routes by rate limiting incoming requests

  •    Javascript

A brute-force protection middleware for express routes that rate-limits incoming requests, increasing the delay with each request in a Fibonacci-like sequence. An in-memory store for persisting request counts is included. Don't use this in production; instead choose one of the more robust store implementations listed below.