Before you go, check out these stories!

0
Hackernoon logoGlossary of Security Terms: CSRF by@mozilla

Glossary of Security Terms: CSRF

Author profile picture

@mozillaMozilla Contributors

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

CSRF (Cross-Site Request Forgery) is an attack that impersonates a trusted user and sends a website unwanted commands. This can be done, for example, by including malicious parameters in a URL behind a link that purports to go somewhere else:

<img src="https://www.example.com/index.php?action=delete&id=123">

For users who have some permissions on

https://www.example.com
, the
<img>
element will execute action on
https://www.example.com
without their noticed, even if the element is not at
https://www.example.com
.

There are many ways to prevent CSRF, such as implement RESTful API, add secure token, etc.

Learn more

General knowledge

ย View Previous Terms:

    Credits

Author profile picture

@mozillaMozilla Contributors

Read my stories

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

Tags

Become a Hackolyte

Level up your reading game by joining Hacker Noon now!