Cross-Site Request Forgery
Cross-Site Request Forgery (CSRF) is a web security vulnerability that allows an attacker to trick a user's browser into making unauthorized requests to a web application where the user is authenticated. It exploits the trust that a web application has in a user's browser by forcing the browser to perform actions without the user's consent, such as changing account settings or making transactions. This attack typically occurs when malicious websites, emails, or scripts cause the user's browser to send requests to a target site where the user is logged in.
Developers should learn about CSRF to protect web applications from unauthorized actions performed on behalf of authenticated users, which is critical for applications handling sensitive data such as banking, e-commerce, or social media. Understanding CSRF is essential when building or maintaining web applications that use session-based authentication, because defenses such as anti-CSRF tokens, SameSite cookies, or custom request headers must be implemented deliberately to prevent such attacks. This knowledge is particularly important in modern web development with frameworks that handle state and authentication, both to meet security standards and to protect user data.
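The defenses named above, combined in one server-side check, as an added example that is not part of the original page: a per-session anti-CSRF token bound by HMAC, a session cookie issued with SameSite, and an Origin check on state-changing requests. The site origin https://app.example and the in-memory secret are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed server-side secret for this example; a real deployment loads it from configuration.
SERVER_SECRET = secrets.token_bytes(32)
# Assumed origin of the protected application.
OWN_ORIGIN = "https://app.example"

def issue_csrf_token(session_id: str) -> str:
    """Anti-CSRF token: a random nonce bound to the session via HMAC.

    The token is embedded in forms as a hidden field; the HMAC lets the server
    verify it without storing per-form state.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"

def verify_csrf_token(session_id: str, token: str) -> bool:
    """Reject tokens that are malformed, forged, or minted for a different session."""
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(expected, mac)

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value: SameSite=Lax keeps the browser from attaching the session
    to cross-site POSTs, so a forged form submission arrives unauthenticated."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"

def is_request_allowed(session_id: str, method: str, headers: dict, form_token) -> bool:
    """Gate state-changing requests: safe methods pass; all others need a valid
    token and, when the browser sent an Origin header, it must be our own site."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True
    origin = headers.get("Origin")
    if origin is not None and origin != OWN_ORIGIN:
        return False
    return verify_csrf_token(session_id, form_token or "")
```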