Infosec glossary entry

CSRF

CSRF: Cross-Site Request Forgery, aka XSRF

Cross-Site Request Forgery (CSRF) is a type of cyber attack that tricks a user into executing unwanted actions on a web application in which they are currently authenticated. The vulnerability arises when an attacker gets the user's browser to send a malicious request, often through a link or form, to a website where the user is logged in. Because the browser attaches the user's session cookies automatically, the website cannot differentiate between legitimate requests made by the user and forged requests triggered by the attacker. It processes the malicious request, potentially leading to unauthorized actions such as changing account settings, making transactions, or accessing sensitive information.

To protect against CSRF attacks, developers can implement several security measures. One is the use of anti-CSRF tokens: unique, unpredictable identifiers embedded in forms that must be submitted with any request and are validated by the server. Since an attacker's page cannot read the token, a valid token shows that the request originates from the authenticated user and not from a malicious source. Additionally, the SameSite cookie attribute restricts how cookies are sent with cross-site requests, further mitigating the risk of CSRF attacks.


CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. Source: https://owasp.org/www-community/attacks/csrf

By jean-christoph

February 15, 2022

AppSec, vulnerability, webapp
