4 CROSS-SITE REQUEST FORGERY


A cross-site request forgery (CSRF) attack occurs when an attacker can make a target's browser send an HTTP request to another website. That website then performs an action as though the request were valid and had been sent deliberately by the target. The attack works because the browser automatically attaches the target's cookies (including the session cookie) to any request aimed at the vulnerable site, no matter which page caused the request to be sent, so the server cannot distinguish a forged request from a legitimate one. Such an attack therefore typically relies on the target being already authenticated on the vulnerable website where the action is submitted, and it occurs without the target's knowledge. When a CSRF attack is successful, the attacker is able to modify server-side information and might even take over a user's account. Here is a basic example, which we'll walk through shortly:

  1. Bob logs into his banking ...
