Understanding Cross-Site Request Forgery

Hypertext Transfer Protocol (HTTP) transfers discrete information between the Web server and the browser. This information could be an authentication request for a login form, a search for the word “doughnut,” or reading an e-mail message. Popular Web sites handle dozens to hundreds of requests per second. Cross-site request forgery (CSRF) exploits assumptions that underpin how Web pages are put together and Web sites are expected to work. This subtle aspect highlights how pervasive such attacks can be and the relative difficulty in blocking them effectively. While a CSRF attack might carry some telltale signatures (it rarely does), the faint fingerprints are nothing like the blaring klaxons of malicious ...
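The assumption the paragraph refers to is that a browser attaches the user's cookies to every request for a site, whether that request was triggered by the site's own page or by a page elsewhere; the server therefore cannot tell from the cookie alone which page submitted the form. The following is an added illustration, not code from the book: a minimal request handler with a per-session synchronizer token (plus an Origin header check) that distinguishes a form submitted from the site's own page from one submitted by a third-party page. The session store, `Request` object and `https://bank.example` origin are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed for this example: an in-memory session store keyed by session id.
SESSIONS = {}
TRUSTED_ORIGIN = "https://bank.example"  # assumed site origin


@dataclass
class Session:
    user: str
    # One unguessable token per session; the browser only "knows" it when
    # the site's own page embedded it in the form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Constructed stand-in for an incoming HTTP request."""
    method: str
    cookies: dict
    form: dict
    headers: dict


def login(user: str) -> str:
    """Create a session and return the session id the browser stores as a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid


def render_transfer_form(sid: str) -> str:
    """What the site's own page embeds: the token travels in a hidden field,
    not in a cookie, so a page on another origin cannot supply it."""
    token = SESSIONS[sid].csrf_token
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer(req: Request) -> tuple[int, str]:
    """Validate a state-changing request; returns (status, message)."""
    session = SESSIONS.get(req.cookies.get("sid", ""))
    if session is None:
        return 401, "not logged in"
    if req.method != "POST":
        # State changes only via POST; GET requests never mutate state.
        return 405, "method not allowed"
    # Browsers send Origin on cross-site form POSTs; a mismatch is a hard reject.
    origin = req.headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-origin request rejected"
    # Defence in depth: the token must match the session's token (constant-time
    # comparison so the check itself does not leak timing information).
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    return 200, f"{session.user} sent {req.form['amount']} to {req.form['to']}"


if __name__ == "__main__":
    sid = login("alice")
    # Submitted from the site's own page: token present, Origin matches.
    own_page = Request("POST", {"sid": sid},
                       {"csrf_token": SESSIONS[sid].csrf_token, "to": "bob", "amount": "10"},
                       {"Origin": TRUSTED_ORIGIN})
    # Submitted by a page on another origin: the cookie rides along
    # automatically, but the token does not, and Origin differs.
    other_page = Request("POST", {"sid": sid},
                         {"to": "mallory", "amount": "10"},
                         {"Origin": "https://other.example"})
    print(handle_transfer(own_page))    # (200, ...)
    print(handle_transfer(other_page))  # (403, 'cross-origin request rejected')
```

Both checks matter: the Origin header is absent on some legitimate requests (older clients, some same-origin navigations), so it can only reject a mismatch, never prove the request is genuine; the token is what actually binds the submission to the page that rendered the form.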
