- CSRF:
- Cross Site Request Forgery
- aka XSRF
Cross-Site Request Forgery (CSRF) is a type of cyber attack that tricks a user into executing unwanted actions on a web application in which they are currently authenticated. This vulnerability arises when an attacker sends a malicious request, often through a link or form, to a website where the user is logged in. Since the website cannot differentiate between legitimate requests made by the user and the forged requests sent by the attacker, it inadvertently processes the malicious request, potentially leading to unauthorized actions, such as changing account settings, making transactions, or accessing sensitive information.
To protect against CSRF attacks, developers can implement several security measures, including the use of anti-CSRF tokens, which are unique identifiers embedded in forms that must be submitted with any request. This ensures that the request originates from the authenticated user and not from a malicious source. Additionally, employing the SameSite cookie attribute can restrict how cookies are sent with cross-site requests, further mitigating the risk of CSRF attacks.
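The two mitigations just described, the synchronizer (anti-CSRF) token and the SameSite cookie attribute, shown in a small framework-free Python model; this is an added example, not code from the page or from OWASP, and the in-memory SESSIONS store and the handler names (new_session, render_form, handle_post) are assumptions standing in for a real server-side session and request pipeline.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
# A real application keeps this server-side (database, cache, signed store).
SESSIONS = {}


def new_session():
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie line for the session. SameSite=Lax makes the browser omit the
    cookie on cross-site POSTs, so a forged form on another origin arrives
    unauthenticated; Secure and HttpOnly are the usual companions."""
    return f"Set-Cookie: session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def render_form(sid):
    """Embed the session-bound token in the form the legitimate page serves.
    Same-origin policy keeps an attacker's page from reading this value."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/settings">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        "</form>"
    )


def verify_csrf(sid, submitted_token):
    """True only if the submitted token matches the one bound to this session.
    compare_digest avoids leaking the token through timing differences."""
    session = SESSIONS.get(sid)
    if session is None or not submitted_token:
        return False
    return hmac.compare_digest(session["csrf_token"], submitted_token)


def handle_post(sid, form):
    """State-changing handler: reject the request unless the token checks out."""
    if not verify_csrf(sid, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "settings updated"
```

A forged request carries the victim's session cookie (if SameSite does not block it) but cannot carry the token, so handle_post returns 403 for it and 200 only for the form the site itself rendered.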
OWASP's definition: "Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated."
https://owasp.org/www-community/attacks/csrf