OWASP Developer Guide

CSRFGuard library

5.3.2 CSRFGuard library

OWASP CSRFGuard is a security control that helps protect Java applications against Cross-Site Request Forgery (CSRF) attacks.

The CSRFGuard Builder/Breaker Tool project is an OWASP Production Project and is being actively maintained by a pool of international volunteers.

What is CSRFGuard?

OWASP CSRFGuard is a library that implements a variant of the synchronizer token pattern to mitigate the risk of Cross-Site Request Forgery (CSRF) attacks for Java applications.

The OWASP CSRFGuard library is integrated through the use of a JavaEE Filter and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML. When a user interacts with this HTML, CSRF prevention tokens are submitted with the corresponding HTTP request. CSRFGuard ensures the token is present and is valid for the current HTTP request.

Why use it?

The OWASP CSRFGuard library is widely used in Java applications and helps mitigate CSRF attacks.

How to use it

Pre-compiled versions of the CSRFGuard library can be downloaded from the Maven Central repository or the OSS Sonatype Nexus repository.

Follow the instructions to build CSRFGuard into the Java application using Maven.

The OWASP Developer Guide is a community effort; if there is something that needs changing then submit an issue or edit on GitHub.