Application Security Terminology

Glossary

Cross-Site Request Forgery

Did You Know? There is a 15% likelihood that your production website is vulnerable to CSRF

READ STATS REPORT

Cross-Site Request Forgery (CSRF) is an attack that forces the victim to send an HTTP request to a target destination without knowledge or intent. This type of attack causes the end user to execute unwanted actions in a web application for which they are currently authenticated. 

cross-site request forgery

There are numerous ways in which an end user can be tricked into loading information from or submitting information to a web application. With a little social engineering, an attacker can trick users into executing state changing requests like transferring funds, changing their email address, and more. If the victim is an administrative account, CSRF can potentially compromise the entire web application.

Cross-Site Request Forgery exploits the trust that a website has for a user. By contrast, Cross-Site Scripting (XSS) exploits the trust that a user has for a website.