CSRF (Cross-Site Request Forgery) Explained

How does a CSRF attack work?

www.bank.com/transfer.php?to=recipient&amount=1000
www.bank.com/transfer.php?to=attacker&amount=1000

GET vs POST

Causes

Impact

How to protect against CSRF?

  • A website should not permit state-changing operations based on GET requests.
  • Always limit session duration for connected users. Websites should terminate sessions whenever users leave the website.
  • Cross-Site Scripting (XSS) prevention controls should also be implemented, since XSS can be used to exploit CSRF.

CSRF Tokens

SameSite Cookie
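The three protections listed above (no state changes over GET, a per-session CSRF token, and a SameSite cookie) can be shown together in one request handler. The following is an added example, not code from the original article; the bank's session store, the `/transfer.php` handler, the request shape (method, cookies, form fields, headers) and the site origin `https://www.bank.com` are all assumptions constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed in-memory session store standing in for the bank's server-side sessions.
SESSIONS = {}

SITE_ORIGIN = "https://www.bank.com"  # assumed origin of the legitimate site


def create_session(user):
    """Create a server-side session and bind a fresh random CSRF token to it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def session_cookie_header(session_id):
    """Set-Cookie value for the session cookie.

    SameSite=Lax tells the browser not to attach the cookie to cross-site POSTs,
    so a forged form on another site is submitted without the victim's session.
    Secure and HttpOnly keep it off plain HTTP and away from page scripts.
    """
    return f"session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def csrf_token_for(session_id):
    """Token the legitimate transfer form embeds as a hidden field."""
    return SESSIONS[session_id]["csrf_token"]


def _same_origin(origin_header, site_origin=SITE_ORIGIN):
    """Exact scheme+host comparison; a prefix check would accept bank.com.evil.example."""
    got, want = urlsplit(origin_header or ""), urlsplit(site_origin)
    return (got.scheme, got.netloc) == (want.scheme, want.netloc)


def authorize_transfer(method, cookies, form, headers):
    """Decide whether a /transfer.php request may change state.

    Returns (allowed, reason). Every failure is a reason to log, since a
    rejected cross-site request is a sign that a CSRF attempt was made.
    """
    # 1. State-changing operations are never accepted over GET, which is the
    #    case the forged transfer link relies on.
    if method.upper() != "POST":
        return False, "state-changing requests must use POST"

    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return False, "no valid session"

    # 2. Origin (or Referer as fallback) must be the site itself; a form posted
    #    from another site carries that site's origin.
    if not _same_origin(headers.get("Origin") or headers.get("Referer")):
        return False, "cross-site origin"

    # 3. The form must carry the token bound to this session. Constant-time
    #    comparison avoids leaking the token through timing differences.
    submitted = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(submitted, session["csrf_token"].encode()):
        return False, "missing or wrong CSRF token"

    return True, "ok"


if __name__ == "__main__":
    sid = create_session("alice")
    print(session_cookie_header(sid))
    forged = {"to": "attacker", "amount": "1000"}
    # Forged GET link from the article, with the victim's cookie attached:
    print(authorize_transfer("GET", {"session": sid}, forged, {"Origin": "https://evil.example"}))
    # Legitimate POST from the bank's own form with the session's token:
    genuine = {"to": "recipient", "amount": "1000", "csrf_token": csrf_token_for(sid)}
    print(authorize_transfer("POST", {"session": sid}, genuine, {"Origin": SITE_ORIGIN}))
```

The checks are layered on purpose: the SameSite attribute is enforced by the browser and protects older endpoints that still lack a token, the origin check catches cross-site posts even when an old browser ignores SameSite, and the per-session token is what the server can verify on its own regardless of client behaviour.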

A cybersecurity enthusiast, and founder @ Patchthenet.com

A. Boukar