Security Intermediate

What is CSRF (Cross-Site Request Forgery)?

An attack that tricks authenticated users into submitting unwanted requests to a web application they are logged into.

CSRF exploits the trust a website has in a user's browser. An attacker creates a page with a hidden form that submits to the target site. If the user is logged in, the browser sends their cookies, and the request succeeds.

Prevention includes CSRF tokens (unique per-session tokens embedded in forms and verified on submission), the SameSite cookie attribute, checking the Referer/Origin header against the site's own origin, and requiring re-authentication for sensitive actions.
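An added example (not from this glossary) of two of those defences on the server side, a per-session CSRF token and an Origin/Referer check; the function names, `SITE_ORIGIN` and the sample requests are constructed for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Added illustration, not code from the glossary page. Names and values below
# are assumptions; SITE_ORIGIN stands in for the protected application.
SITE_ORIGIN = "https://bank.example"

def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the session's CSRF token. It is rendered into every
    state-changing form as a hidden field; a cross-site page cannot read it."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def origin_allowed(headers: dict) -> bool:
    """Check request provenance: the browser sets Origin (or Referer) itself,
    so a form submitted from another site carries that site's origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False                     # no provenance at all: fail closed
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN

def csrf_check(session: dict, form: dict, headers: dict) -> bool:
    """Allow a state-changing request only if the token matches the session's
    token (constant-time compare) and the request came from our own origin."""
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False                     # token missing, stale or forged
    return origin_allowed(headers)

if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    # Constructed legitimate submission from the site's own form.
    good = csrf_check(session, {"csrf_token": token, "amount": "10"},
                      {"Origin": SITE_ORIGIN})
    # Constructed cross-site submission: the hidden form on another page has
    # no token, and the browser labels the request with that page's Origin.
    bad = csrf_check(session, {"amount": "10"},
                     {"Origin": "https://evil.example"})
    print(good, bad)  # prints: True False
```

The cookie-based session still rides along with every request, which is exactly why neither check relies on the cookie alone.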

Related Terms

Cryptographic Key Management
The practices and procedures for generating, storing, distributing, rotating, and revoking encryption keys securely.
DDoS (Distributed Denial of Service)
An attack that floods a target server or network with traffic from multiple sources to overwhelm it and deny service to legitimate users.
SOC (Security Operations Center)
A centralized team and facility responsible for monitoring, detecting, analyzing, and responding to cybersecurity threats 24/7.
Data Loss Prevention (DLP)
A strategy and set of tools that detect and prevent unauthorized transmission of sensitive data outside an organization.
OWASP Top 10
A regularly updated list of the ten most critical web application security risks, published by the Open Web Application Security Project.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.