๐ŸŽ New User? Get 20% off your first purchase with code NEWUSER20 ยท โšก Instant download ยท ๐Ÿ”’ Secure checkout Register Now โ†’
Menu

Categories

Security Intermediate

What is CSRF (Cross-Site Request Forgery)?

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

CSRF exploits the trust a website has in a user's browser. An attacker creates a page with a hidden form that submits to the target site. If the user is logged in, the browser sends their cookies, and the request succeeds.

Prevention includes CSRF tokens (unpredictable per-session secrets embedded in forms and verified on every state-changing request), the SameSite cookie attribute (so the browser withholds the session cookie on cross-site requests), validating the Origin or Referer header against the site's own origin, and requiring re-authentication for sensitive actions.
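The following is an added example, not code from the original page, showing the two server-side defences above working together: a per-session CSRF token that is embedded in the form and checked with a constant-time comparison, and a session cookie issued with SameSite, HttpOnly and Secure. The in-memory session store, the site origin `https://bank.example`, the `/transfer` form and the request shape are all constructed for the demo.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed site origin; a real app would take this from configuration.
SITE_ORIGIN = "https://bank.example"

# Constructed in-memory session store: session_id -> {"user", "csrf_token"}.
SESSIONS = {}


def create_session(user):
    """Log a user in: mint a session id and a separate, unpredictable CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Build the Set-Cookie header for the session cookie.

    SameSite=Lax makes the browser drop the cookie on cross-site POSTs (the
    classic hidden-form CSRF), HttpOnly keeps it away from script, and Secure
    restricts it to HTTPS.
    """
    cookie = SimpleCookie()
    cookie["session"] = sid
    cookie["session"]["path"] = "/"
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


def render_transfer_form(sid):
    """Render the form with the session's CSRF token in a hidden field.

    An attacker's page cannot read this value because same-origin policy
    prevents it from reading our response, so it cannot forge a valid form.
    """
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount">'
        '<button>Send</button></form>'
    )


def handle_transfer(cookie_header, form, origin_header=None):
    """Process POST /transfer. Returns (status, message).

    cookie_header: the raw Cookie request header (may be empty).
    form: dict of submitted form fields.
    origin_header: the Origin request header, or None when the browser omits it.
    """
    cookies = SimpleCookie()
    cookies.load(cookie_header)
    sid = cookies["session"].value if "session" in cookies else None
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"

    # Defence 1: if the browser sent an Origin header, it must be our own.
    if origin_header is not None and origin_header != SITE_ORIGIN:
        return 403, "cross-origin request rejected"

    # Defence 2: the submitted token must match the session's token.
    # compare_digest avoids leaking the token through timing differences.
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"

    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"


def demo():
    """Legitimate request succeeds; a forged cross-site POST is rejected."""
    sid = create_session("alice")
    cookie = f"session={sid}"
    token = SESSIONS[sid]["csrf_token"]
    ok = handle_transfer(cookie, {"csrf_token": token, "to": "bob", "amount": "10"},
                         SITE_ORIGIN)
    # A cross-site form has no way to learn the token and carries a foreign Origin.
    forged = handle_transfer(cookie, {"to": "mallory", "amount": "10"},
                             "https://evil.example")
    return ok, forged


if __name__ == "__main__":
    for status, msg in demo():
        print(status, msg)
```

Note that the Origin check alone is not sufficient: some browsers and proxies omit the header, so the token check is the one that must always run; the cookie's SameSite attribute adds a third, browser-enforced layer for the case where the server-side checks are misconfigured.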

Related Terms

DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
Webhook Signature Verification
A security mechanism that verifies webhook payloads are authentic and unmodified using cryptographic signatures.
Security Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying patches, and configuring security controls.
RBAC (Role-Based Access Control)
An access control model where permissions are assigned to roles, and users are assigned to roles rather than getting permissions directly.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
Session Hijacking
An attack where an adversary takes over a legitimate user session by stealing or predicting the session identifier.