
CSRF

CSRF (Cross-Site Request Forgery) is a web security vulnerability in which an attacker causes a victim's browser to send a request the victim never intended to a site where the victim is already authenticated. It exploits the fact that the browser automatically attaches ambient credentials (session cookies, HTTP Basic credentials) to every request aimed at that site, regardless of which page triggered the request: the target application cannot tell a forged request from a legitimate one because both carry the same cookie. The forged request is typically launched from an attacker-controlled page via an auto-submitting form, an image or script tag, or a link the victim is lured into clicking. Because the request runs with the victim's privileges, it can change account settings, transfer money, or delete data without the user's knowledge or consent.

Also known as: Cross-Site Request Forgery, CSRF Attack, Session Riding, One-Click Attack, XSRF
Why learn CSRF?

Developers should learn about CSRF to build web applications in which a state-changing request is accepted only when the authenticated user actually intended to make it. It matters for any application that performs sensitive operations on the strength of a cookie-backed session, such as banking, e-commerce, or social media platforms. Understanding how the attack works is what makes the defenses make sense: anti-CSRF (synchronizer or double-submit) tokens that an attacker's page cannot read, the SameSite cookie attribute that stops the browser from attaching the cookie to cross-site requests, and server-side validation of the Origin or Referer header on state-changing requests. It also explains why GET requests must never change state, since a plain image tag or link is enough to forge one.
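The following is an added example, not code from the original page or from any particular framework. It models a hypothetical bank at the assumed origin `https://bank.example` with an in-memory session store, shows a vulnerable transfer handler that trusts the session cookie alone next to a hardened one that adds an Origin/Referer check and a constant-time synchronizer-token comparison, and simulates the attacker's auto-submitting form being posted with the victim's cookie attached. The `browser_attaches_cookie` function is a deliberately simplified model of the SameSite attribute (Strict, Lax, None), not a full implementation of browser cookie rules; all hostnames, amounts and the attacker page are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumed origin of the protected application (hypothetical hostname).
TRUSTED_ORIGIN = "https://bank.example"

# In-memory session store keyed by the session cookie value.
SESSIONS: dict[str, dict] = {}


@dataclass
class Request:
    """Minimal model of what the server sees for one HTTP request."""
    method: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def create_session(user: str) -> str:
    """Log a user in: mint a session id and a per-session anti-CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32), "balance": 100}
    return sid


def render_transfer_form(sid: str) -> str:
    """The legitimate page embeds the session's token in a hidden field. An attacker's
    page cannot read it, because the same-origin policy blocks cross-site reads."""
    token = SESSIONS[sid]["csrf_token"]
    return (f'<form method="POST" action="{TRUSTED_ORIGIN}/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')


def _do_transfer(session: dict, form: dict) -> tuple[int, str]:
    amount = int(form.get("amount", "0"))
    if amount <= 0 or amount > session["balance"]:
        return 400, "invalid amount"
    session["balance"] -= amount
    return 200, f"transferred {amount} to {form.get('to')}"


def handle_transfer_unprotected(req: Request) -> tuple[int, str]:
    """Vulnerable: trusts the session cookie alone, which the browser attaches to
    any request aimed at our origin, including one forged from another site."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    return _do_transfer(session, req.form)


def handle_transfer(req: Request) -> tuple[int, str]:
    """Hardened: same cookie lookup, plus an Origin/Referer check and a synchronizer token."""
    session = SESSIONS.get(req.cookies.get("session", ""))
    if session is None:
        return 401, "not logged in"
    # Defense 1: source-origin check. Browsers set Origin on cross-site POSTs;
    # if neither Origin nor Referer is present we fail closed.
    source = req.headers.get("Origin") or req.headers.get("Referer") or ""
    if not (source == TRUSTED_ORIGIN or source.startswith(TRUSTED_ORIGIN + "/")):
        return 403, "request did not originate from our site"
    # Defense 2: synchronizer token bound to the session, compared in constant time.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    return _do_transfer(session, req.form)


def browser_attaches_cookie(samesite: str, cross_site: bool, top_level_get: bool) -> bool:
    """Simplified model of SameSite: Strict never sends the cookie on a cross-site
    request, Lax sends it only on top-level GET navigations, None always sends it."""
    if not cross_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return top_level_get
    return True  # SameSite=None (must also be marked Secure)


def run_scenario() -> dict:
    """Alice is logged in; she makes a real transfer, then visits an attacker page
    that auto-submits a forged POST (constructed example) to the bank."""
    sid = create_session("alice")
    token = SESSIONS[sid]["csrf_token"]
    legit = Request("POST", headers={"Origin": TRUSTED_ORIGIN},
                    cookies={"session": sid},
                    form={"to": "bob", "amount": "40", "csrf_token": token})
    # What the attacker's page contains; the browser submits it with Alice's cookie.
    attacker_html = (f'<form id="f" method="POST" action="{TRUSTED_ORIGIN}/transfer">'
                     '<input name="to" value="mallory"><input name="amount" value="50">'
                     '</form><script>document.getElementById("f").submit()</script>')
    forged = Request("POST", headers={"Origin": "https://evil.example"},
                     cookies={"session": sid},                 # attached automatically by the browser
                     form={"to": "mallory", "amount": "50"})   # attacker has no token
    return {
        "legit": handle_transfer(legit),
        "forged_vs_protected": handle_transfer(forged),
        "forged_vs_unprotected": handle_transfer_unprotected(forged),
        "balance": SESSIONS[sid]["balance"],
        "attacker_html": attacker_html,
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

Running `run_scenario()` shows the legitimate transfer succeeding, the same forged request being rejected with 403 by the hardened handler (it fails the Origin check before the token is even inspected) and succeeding against the unprotected one, draining the balance. The two checks are layered on purpose: the Origin check costs nothing and catches the common case, while the token still protects when a client strips Referer and sends no Origin, since the handler fails closed rather than open.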
