concept

CSRF

CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to trick a user's browser into making unauthorized requests to a web application where the user is authenticated. It exploits the trust that a web application has in a user's browser, potentially leading to actions like changing account settings or making transactions without the user's consent. This attack typically occurs when malicious websites or emails cause the browser to send requests to a vulnerable site using the user's stored authentication credentials.

Also known as: Cross-Site Request Forgery, XSRF, Sea Surf, Session Riding, One-Click Attack

🧊Why learn CSRF?

Developers should learn about CSRF to build secure web applications that protect user data and prevent unauthorized actions, especially for sites handling sensitive operations like banking, e-commerce, or account management. It is crucial when implementing authentication and session management, because a CSRF attack rides on an already-authenticated session and so bypasses other security measures if it is not properly mitigated. Understanding CSRF helps in implementing defenses like anti-CSRF tokens, SameSite cookies, and proper request validation to ensure application integrity.
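The three defenses named above can be combined at a single state-changing endpoint. The following is an added, self-contained example written for this page (not code from the site or any framework): it mints a synchronizer token bound to the session with an HMAC, verifies it in constant time, checks the browser-supplied Origin/Referer header, and emits the session cookie with SameSite=Lax so the browser does not attach it to cross-site POSTs. The request/response shapes (plain dicts), the `bank.example` origin, the session id and the secret are all constructed for the example.

```python
"""Added example: synchronizer-token CSRF defense with SameSite and Origin checks.

Illustrative code written for this page, not any framework's API. Requests are
modelled as plain dicts {"method", "headers", "cookies", "form"} (constructed).
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

SESSION_COOKIE = "session"
ALLOWED_ORIGIN = "https://bank.example"  # assumed origin of the protected app


def issue_csrf_token(session_id: str, secret: bytes) -> str:
    """Mint a per-session token: random nonce + HMAC(secret, session_id|nonce).

    Binding the MAC to the session id means a token issued for one session is
    useless in another, and the server stores nothing beyond its secret.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, secret: bytes, token: str) -> bool:
    """Recompute the MAC for the presented nonce and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False  # malformed or missing token
    expected = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers: dict) -> bool:
    """Defense in depth: browsers attach Origin (or at least Referer) to
    cross-site form posts, so a forged request carries the attacker's site."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == ALLOWED_ORIGIN
    return headers.get("Referer", "").startswith(ALLOWED_ORIGIN + "/")


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs,
    Secure limits it to HTTPS, HttpOnly hides it from page scripts."""
    return f"{SESSION_COOKIE}={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def handle_transfer(request: dict, secret: bytes) -> tuple[int, str]:
    """Gatekeeper for a state-changing endpoint. Returns (http_status, reason)."""
    if request["method"] != "POST":
        return 405, "state changes must use POST"
    session_id = request["cookies"].get(SESSION_COOKIE)
    if not session_id:
        return 401, "no session"
    if not origin_allowed(request["headers"]):
        return 403, "cross-site origin"
    if not verify_csrf_token(session_id, secret, request["form"].get("csrf_token", "")):
        return 403, "missing or invalid CSRF token"
    return 200, "transfer accepted"


if __name__ == "__main__":
    secret = secrets.token_bytes(32)
    sid = "sess-1234"  # constructed session id
    token = issue_csrf_token(sid, secret)
    # Legitimate form post from the app's own page (constructed request).
    legit = {"method": "POST", "headers": {"Origin": ALLOWED_ORIGIN},
             "cookies": {SESSION_COOKIE: sid}, "form": {"csrf_token": token}}
    # A cross-site post that the browser still sent the cookie with
    # (e.g. a legacy cookie without SameSite); it has no token to present.
    forged = {"method": "POST", "headers": {"Origin": "https://attacker.example"},
              "cookies": {SESSION_COOKIE: sid}, "form": {"amount": "1000"}}
    print(session_cookie_header(sid))
    print(handle_transfer(legit, secret))   # (200, 'transfer accepted')
    print(handle_transfer(forged, secret))  # (403, 'cross-site origin')
```

The Origin check is kept in addition to the token because SameSite=Lax only protects cookies the browser honours that way, and the token check is kept in addition to the Origin check because some clients and proxies strip Referer; each layer fails independently, and a request must pass all of them.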
