Cross-Site Request Forgery (CSRF)
An attack in which a malicious site tricks a user’s browser into making authenticated requests to a target site. The browser automatically attaches the target site’s cookies, so the forged request appears legitimate. Mitigations: CSRF tokens, the SameSite cookie attribute, and checking the Origin/Referer headers.
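The three mitigations combined in one server-side check, as an added example that is not part of the original entry. The origin `https://bank.example`, the function names, the HMAC-bound token scheme and the choice to reject requests that carry neither Origin nor Referer are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = secrets.token_bytes(32)     # assumption: per-deployment signing key
ALLOWED_ORIGIN = "https://bank.example"  # assumption: hypothetical target site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state

def session_cookie(session_id):
    # SameSite=Lax: the browser omits this cookie on cross-site POSTs
    # and subresource requests, so a forged form post arrives unauthenticated.
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"

def issue_token(session_id):
    # CSRF token bound to the session: HMAC(key, session_id). It is embedded
    # in the site's own forms, where another origin cannot read it.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers):
    # Prefer Origin, fall back to Referer; reject when both are absent.
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == ALLOWED_ORIGIN

def check_request(method, headers, session_id, submitted_token):
    """Return (allowed, reason) for a request that carried the session cookie."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    if not same_origin(headers):
        return False, "origin mismatch"
    expected = issue_token(session_id).encode()
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(expected, (submitted_token or "").encode()):
        return False, "bad csrf token"
    return True, "ok"

if __name__ == "__main__":
    sid = "s-123"  # constructed session id
    forged = check_request("POST", {"Origin": "https://evil.example"}, sid, None)
    genuine = check_request("POST", {"Origin": ALLOWED_ORIGIN}, sid, issue_token(sid))
    print(session_cookie(sid), forged, genuine, sep="\n")
```

The token check still rejects a state-changing request when the header check passes, which covers cases where SameSite is not enforced by the browser.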