Simon Willison’s Weblog

6th August 2018 - Link Blog

OWASP Top 10 2007-2017: The Fall of CSRF. I was surprised to learn recently that CSRF didn’t make it into the 2017 OWASP Top 10 security vulnerabilities (after featuring almost every year since the list started). The credited reason is that web frameworks do a good enough job protecting against CSRF by default that it’s no longer a top-ten problem. Defaults really do matter.

Posted 6th August 2018 at 10:02 pm

Recent articles

Porting the Moebius 0.2B image inpainting model to run in the browser with Claude Code - 22nd June 2026
sqlite-utils 4.0rc1 adds migrations and nested transactions - 21st June 2026
Datasette Apps: Host custom HTML applications inside Datasette - 18th June 2026

This is a link post by Simon Willison, posted on 6th August 2018.

csrf 54 owasp 4 security 610

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe