Security Intermediate

What is CSRF (Cross-Site Request Forgery)?

An attack that makes a logged-in user's browser submit a state-changing request to a web application, without the user intending it.

CSRF exploits the fact that the browser attaches credentials (session cookies, or HTTP Basic credentials) to every request to a site automatically, so the server cannot tell a request the user meant to make from one an attacker's page triggered. An attacker hosts a page containing a hidden form whose action points at the target site (for example a "transfer funds" endpoint) and a script that submits it as soon as the page loads. If the victim is logged in, the browser includes their session cookie, the server accepts the request as the victim, and the action is carried out. Because the attacker never sees the response, CSRF is used to perform actions rather than to steal data; only requests that change state need protection.

Prevention includes anti-CSRF tokens (unpredictable values bound to the user's session, embedded in forms and verified on every state-changing request), the SameSite cookie attribute (Lax or Strict stops the browser from sending the session cookie on cross-site form POSTs, so it should be set explicitly rather than relying on browser defaults), rejecting state-changing requests whose Origin or Referer header does not match the application's own origin, and requiring re-authentication for sensitive actions such as password or e-mail changes. Using only POST for state changes is a prerequisite for the SameSite and token defences, not a defence by itself.

Related Terms

Certificate Pinning
A security technique that associates a host with its expected TLS certificate or public key, preventing man-in-the-middle attacks with fraudulent certificates.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Security Headers
HTTP response headers that instruct browsers to enable security features like XSS protection, framing prevention, and content type enforcement.
API Security
Practices and mechanisms for protecting APIs from unauthorized access, data breaches, and abuse.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.