OWASP supports many volunteers efforts to produce security libraries which at the same time are used by many companies and developers, in order to secure their applications. This bounty program for CRSFGuard run by OWASP is to determine the protection level claimed by the library and verify that indeed the protected application is not vulnerable to CRSF attacks when using the library.
OWASP may provide rewards to eligible reporters of qualifying vulnerabilities.
About OWASP CSRFGuard
The OWASP CSRFGuard library is integrated through the use of a JavaEE Filter and exposes various automated and manual ways to integrate per-session or pseudo-per-request tokens into HTML.
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email firstname.lastname@example.org. We will address your issue as soon as possible.
This bounty requires explicit permission to disclose the results of a submission.