๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is CSRF (Cross-Site Request Forgery)?

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

CSRF exploits the trust a website has in a user's browser. An attacker creates a page with a hidden form that submits to the target site. If the user is logged in, the browser sends their cookies, and the request succeeds.

Prevention includes CSRF tokens (unique per-session tokens in forms), SameSite cookie attribute, checking the Referer/Origin header, and requiring re-authentication for sensitive actions.

Related Terms

Input Validation
The process of verifying that user-supplied data meets expected formats, types, and ranges before processing it.
OAuth 2.0
An authorization framework that allows third-party applications to access user resources without sharing passwords.
Firewall Rules
Configuration entries that define which network traffic is allowed or blocked based on source, destination, port, and protocol.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
DAST (Dynamic Application Security Testing)
Testing a running application from the outside by sending malicious requests to discover security vulnerabilities.
View All Security Terms โ†’