
Real-World Bug Hunting by Peter Yaworski


4 CROSS-SITE REQUEST FORGERY


A cross-site request forgery (CSRF) attack occurs when an attacker can make a target’s browser send an HTTP request to another website. That website then performs an action as though the request were valid and sent by the target. Such an attack typically relies on the target being previously authenticated on the vulnerable website where the action is submitted and occurs without the target’s knowledge. When a CSRF attack is successful, the attacker is able to modify server-side information and might even take over a user’s account. Here is a basic example, which we’ll walk through shortly:

  1. Bob logs into his banking ...
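The paragraph above says the vulnerable site acts on a forged request because it arrives with the target's authenticated session. The following sketch is an added example, not code from the book: it shows a server-side check that tells the two apart by requiring a session-bound token that only the site's own pages hold. The session store, account data, `/transfer` handler and function names are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # server-side secret, never sent to the browser
SESSIONS = {"sess-bob": "bob"}         # constructed session store: cookie value -> user
BALANCES = {"bob": 1000}               # constructed account data


def _mac(session_id, nonce):
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id):
    """Token the site embeds in its own forms, bound to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id, token):
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(mac.encode(), expected.encode())


def handle_transfer(cookies, form):
    """Hypothetical POST /transfer handler: returns an HTTP-style status code."""
    session_id = cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401
    # The cookie alone proves nothing about intent: the browser attaches it to
    # cross-site requests too. Require the token only the site's own page holds.
    if not token_is_valid(session_id, form.get("csrf_token")):
        return 403
    BALANCES[user] -= int(form["amount"])
    return 200


def demo():
    cookies = {"session": "sess-bob"}   # sent by the browser in both cases
    own_form = {"amount": "100", "csrf_token": issue_csrf_token("sess-bob")}
    forged_form = {"amount": "500"}     # cross-site form: cookie present, token absent
    return handle_transfer(cookies, own_form), handle_transfer(cookies, forged_form)
```

Both requests in `demo()` carry the same valid session cookie; only the one submitted from the site's own form changes the balance.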
