Glossary of Security Terms: CSRF

CSRF (Cross-Site Request Forgery) is an attack that impersonates a trusted user and sends a website unwanted commands. This can be done, for example, by including malicious parameters in a URL behind a link that purports to go somewhere else:

<img src="https://www.example.com/index.php?action=delete&id=123">

For users who have some permissions on

https://www.example.com

<img>

https://www.example.com

https://www.example.com

There are many ways to prevent CSRF, such as implement RESTful API, add secure token, etc.

Learn more

General knowledge

• Cross-site request forgery on Wikipedia
• Prevention measures
• MDN security tutorial

 View Previous Terms:

• Block cipher mode of operation
• Certificate authority
• Challenge-response authentication
• Cipher
• Cipher suite
• Ciphertext
• CORS
• CORS-safelisted request header
• CORS-safelisted response header
• Cross-site scripting
• Cryptanalysis
• Cryptographic hash function
• Cryptography
• CSP
• Decryption
• Digital certificate
• DTLS (Datagram Transport Layer Security)
• Encryption
• Forbidden header name
• Forbidden response header name
• Hash
• HMAC
• HPKP
• HSTS
• HTTPS
• Key
• MitM
• OWASP
• Preflight request
• Public-key cryptography
• Reporting directive
• Robots.txt
• Same-origin policy
• Session Hijacking
• SQL Injection
• Symmetric-key cryptography
• TOFU
• Transport Layer Security (TLS)

Credits

• Source: https://developer.mozilla.org/en-US/docs/Glossary/CSRF
• Published under Open CC Attribution ShareAlike 3.0 license