Cross-site Request Forgery (CSRF)
May 11, 2024
Updated July 12, 2025
Cross-site Request Forgery (CSRF) is a type of attack that tricks a user into submitting a request to a web application that they are authenticated to, without their knowledge or consent. This can be done by sending the user a specially crafted link or by embedding a script into a website that they visit.
How CSRF Works
CSRF attacks work by exploiting the way that web browsers handle cookies. When a user is logged into a website, their browser sends a cookie with every request to that website. This cookie contains a unique identifier that allows the website to identify the user and track their session. If an attacker can trick a user into clicking on a specially crafted link or visiting a website that embeds a script, the user's browser sends a request to the web application, and that request is authenticated with the user's cookie. This request can be used to perform any action that the user is authorized to perform, such as changing their password or making a purchase.
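The mechanism described above, seen from the server side, as an added example that is not part of the original page: a handler that trusts the session cookie alone cannot tell its own form from a cross-site request, while one that also checks a session-bound token can. The handler names, the session store and the HMAC-derived token are assumptions made for this sketch, and all sample values are constructed.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

SERVER_KEY = secrets.token_bytes(32)       # per-deployment secret (constructed)
SESSIONS = {"sid-alice-123": "alice"}      # constructed session store


@dataclass
class Request:
    cookies: dict                          # attached by the browser automatically
    form: dict = field(default_factory=dict)


def csrf_token_for(session_id: str) -> str:
    """Token bound to one session; a page on another origin cannot read it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(req: Request) -> str:
    """Trusts the session cookie alone, so any request carrying it is accepted."""
    user = SESSIONS.get(req.cookies.get("session", ""))
    return f"password changed for {user}" if user else "rejected: not logged in"


def handle_with_token(req: Request) -> str:
    """Also requires the token that the site embeds in its own forms."""
    sid = req.cookies.get("session", "")
    user = SESSIONS.get(sid)
    if user is None:
        return "rejected: not logged in"
    supplied = req.form.get("csrf_token", "").encode()
    expected = csrf_token_for(sid).encode()
    if not hmac.compare_digest(supplied, expected):   # constant-time comparison
        return "rejected: missing or invalid CSRF token"
    return f"password changed for {user}"


def demo() -> dict:
    """Run both handlers on a same-site form post and a cross-site request."""
    sid = "sid-alice-123"
    own_form = Request({"session": sid}, {"csrf_token": csrf_token_for(sid)})
    cross_site = Request({"session": sid})  # cookie is sent, token is not known
    return {
        "cookie_only": (handle_cookie_only(own_form), handle_cookie_only(cross_site)),
        "with_token": (handle_with_token(own_form), handle_with_token(cross_site)),
    }
```

In `demo()`, the cookie-only handler returns the same success result for both requests, while the token-checking handler rejects the cross-site one.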
Preventing CSRF Attacks
There are a number of ways to prevent CSRF attacks, including:
Reading list
We've selected six books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in Cross-site Request Forgery (CSRF).
Covers a wide range of web application security topics, including CSRF attacks. It is a valuable resource for anyone who wants to learn more about web application security and how to protect their applications from attack.
Provides a comprehensive overview of web application security. It includes a chapter on CSRF attacks that provides detailed information on how to prevent CSRF vulnerabilities in web applications.
Covers a wide range of web application security topics, including CSRF attacks. It is a valuable resource for anyone who wants to learn more about web application security and how to protect their applications from attack.
Provides a practical guide to penetration testing. It includes a chapter on CSRF attacks that provides detailed instructions on how to test for and prevent CSRF vulnerabilities.
Provides a comprehensive overview of security in ASP.NET Core. It includes a chapter on CSRF attacks that provides detailed information on how to prevent CSRF vulnerabilities in ASP.NET Core applications.
Provides a beginner-friendly introduction to web application security. It includes a chapter on CSRF attacks that provides basic information on how to prevent CSRF vulnerabilities.
For more information about how these books relate to this course, visit:
OpenCourser.com/topic/q7uu7l/cross