tags:

views:

22

answers:

0

Hi all, I have tested a JSF application with the CSRFtester tool, and the tool didn't report any CSRF problems. But I had read in the "OWASP_Top_10_2007_for_JEE.pdf", that all Java EE web application frameworks are vulnerable to CSRF and also some says we need to create a secret key for each session and append it to the url. By doing this way we can secure our JSF application from the CSRF attack.This makes me confused. I cannot find any clear documentation. IS JSF is vulnerable to CSRF attack? What was the right way to protect a JSF application from CSRF attacks? Please help me out!!

Thanks in Advance!!