
Security Intermediate

What is CSRF (Cross-Site Request Forgery)?

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

CSRF exploits the trust a web application places in the user's browser. An attacker hosts a page (or sends a link) containing a hidden form or script that submits a request to the target site. If the victim is logged in, the browser automatically attaches the site's cookies (and other ambient credentials such as HTTP Basic auth), so the server cannot distinguish the forged request from one the user made. The attacker cannot read the response, so the attack targets state-changing actions: transferring funds, changing an email address or password, or granting access.

Prevention includes CSRF tokens (unpredictable tokens tied to the session, embedded in each form or request and verified server-side, so a page on another origin cannot obtain or guess them), the SameSite cookie attribute (Lax or Strict, which stops the browser from sending the session cookie on most or all cross-site requests), checking the Origin header (falling back to Referer, which may be stripped) against the application's own origin, and requiring re-authentication for sensitive actions. Performing state changes only over POST rather than GET is a prerequisite, not a defence on its own, since an attacker's page can submit a hidden POST form.

Related Terms

CORS (Cross-Origin Resource Sharing)
A browser mechanism by which a server declares which other origins may read its responses, relaxing the same-origin policy for cross-origin requests. CORS does not prevent CSRF: a cross-site form submission is sent regardless, it only governs whether the attacker's page can read the reply.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
Two-Factor Authentication (2FA)
A security method requiring two different forms of identification before granting access to an account.
Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
JWT (JSON Web Token)
A compact, self-contained token format used for securely transmitting information between parties as a JSON object.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.