CSRF (Cross-Site Request Forgery) Explained

How does a CSRF attack work?

www.bank.com/transfer.php?to=recipient&amount=1000
www.bank.com/transfer.php?to=attacker&amount=1000

GET vs POST

Causes

Impact

How to protect against CSRF?

  • A website should not permit state-changing operations based on GET requests.
  • Always limit session duration for connected users. Websites should terminate sessions whenever users leave the website.
  • Cross-Site Scripting (XSS) prevention controls should also be implemented, since XSS can be used to exploit CSRF.

CSRF Tokens

SameSite Cookie
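As an added example (not code from the original article), the protections listed above brought together in one small Python handler for the `transfer.php` endpoint: GET is refused for the state-changing operation, the session cookie is issued with `SameSite=Lax`, and a per-session CSRF token is checked in constant time. The function names and the in-memory session store are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
SESSIONS = {}

def issue_session(user):
    """Create a session and its per-session CSRF token; return (Set-Cookie value, token)."""
    sid = secrets.token_urlsafe(32)
    token = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": token}
    # SameSite=Lax: the browser withholds this cookie on cross-site POSTs,
    # so a forged form submitted from another site arrives without a session.
    cookie = f"session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
    return cookie, token

def handle_transfer(method, cookies, body):
    """Server side of transfer.php. Returns (status, message)."""
    # State-changing operation: never act on GET (a GET URL can be planted in an <img>).
    if method != "POST":
        return 405, "transfer requires POST"
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "no session"
    params = parse_qs(body)
    submitted = params.get("csrf_token", [""])[0]
    # Constant-time comparison against the token bound to this session.
    if not hmac.compare_digest(submitted.encode(), session["csrf"].encode()):
        return 403, "bad or missing CSRF token"
    to = params.get("to", [""])[0]
    amount = int(params.get("amount", ["0"])[0])
    return 200, f"{session['user']} sent {amount} to {to}"

def demo():
    """Legitimate form post vs. two forged requests; returns the three status codes."""
    cookie, token = issue_session("alice")
    sid = cookie.split(";")[0].split("=", 1)[1]
    legit = handle_transfer("POST", {"session": sid}, f"to=recipient&amount=1000&csrf_token={token}")
    # Forged POST carrying the cookie but no token: an attacker's page cannot read the token.
    forged_post = handle_transfer("POST", {"session": sid}, "to=attacker&amount=1000")
    # Forged GET in the style of the URL shown above: rejected before any other check.
    forged_get = handle_transfer("GET", {"session": sid}, "to=attacker&amount=1000")
    return legit[0], forged_post[0], forged_get[0]  # returns (200, 403, 405)
```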

A cybersecurity enthusiast, and founder @ Patchthenet.com

A. Boukar