Glossary

CROSS-SITE REQUEST FORGERY / CSRF
defined.

An attack that forces a logged-in user’s browser to perform unintended actions on a site where they’re authenticated.

A–Z

What is Cross-Site Request Forgery (CSRF)?

The classic CSRF: a victim visits an attacker’s page, which auto-submits a form to a target site. The browser includes the victim’s session cookie, and the target site happily processes the request.

Defence: SameSite=Lax cookies (default in modern browsers), CSRF tokens for state-changing operations, and double-submit cookie patterns for stateless APIs.

Related terms.

Cross-Site Scripting (XSS)
Cross-Origin Resource Sharing (CORS)
JSON Web Token (JWT)
Clickjacking

Where this shows up.

See our web application penetration testing, API security testing, network penetration testing, and cloud security audit services for how we test for and defend against this class of issue.

Test for this in your stack

BOOK A FREE
scoping call.

30-minute call with an OSCP-certified engineer. Tailored proposal in 24 hours.

Book Free Scoping Call →All Services

CROSS-SITE REQUEST FORGERY / CSRFdefined.

What is Cross-Site Request Forgery (CSRF)?

Related terms.

Where this shows up.

BOOK A FREEscoping call.

CROSS-SITE REQUEST FORGERY / CSRF
defined.

BOOK A FREE
scoping call.