A Cross-Site Request Forgery (CSRF) (some people pronounce it as sea surf), can be exploited when an attacker takes advantage of the user session to perform state-changing requests such as posting to a social network platform, money transfers, and much more.

This attack will involve some social engineering efforts from the attacker to convince the victim to visit the infected site. Imagine that the victim is an admin of a system, then the attacker can manipulate that system if it doesn't have a CSRF protection. The most popular question in interviews for Application Security Engineer positions is the following: What is the difference between XSRF and XSS? The simpler the answer is, the better. In summary, XSS attacks ...