Cross Site Request Forgery
Learn about CSRF and how to protect against it.
Cross-Site Request Forgery (CSRF) is the mirror image of an XSS exploit. Where XSS takes advantage of the user by means of a trusted web site, CSRF takes advantage of the web site by means of a trusted user.
Imagine an attacker who sends out fake emails containing a link that deletes a blog post or an email. The target user clicks the link and lands on a delete page. Because the user is an administrator with a valid session, your application goes ahead and deletes the record as requested. The link meant nothing to the user, but something has now been deleted from their account without their consent. Not cool.
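To make the scenario above concrete, here is an added example (not code from the original lesson) that models the server-side decision in plain Python: `vulnerable_delete_allowed` reproduces the behaviour described, where a valid admin session is all it takes, and `hardened_delete_allowed` adds the controls a defender wants (a state-changing method, an Origin check, and a synchronizer token bound to the session). The request and session dicts, the `SITE_ORIGIN` value and the sample requests are constructed stand-ins for a real framework's objects.

```python
import hmac
import secrets

SITE_ORIGIN = "https://blog.example"  # assumed origin of our application


def issue_csrf_token(session: dict) -> str:
    """Generate a random token and bind it to the server-side session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def vulnerable_delete_allowed(request: dict, session: dict) -> bool:
    """The behaviour described in the text: a valid admin session is all it
    takes, regardless of HTTP method, origin, or who crafted the link."""
    return session.get("user_role") == "admin"


def hardened_delete_allowed(request: dict, session: dict,
                            site_origin: str = SITE_ORIGIN) -> bool:
    """Same authorization check plus three CSRF controls."""
    if session.get("user_role") != "admin":
        return False
    # 1. Deletion must be a POST: a plain link in an email only yields a GET.
    if request["method"] != "POST":
        return False
    # 2. Browsers send the originating page's Origin on a cross-site POST;
    #    reject a foreign one (an absent Origin falls through to the token check).
    origin = request["headers"].get("Origin")
    if origin is not None and origin != site_origin:
        return False
    # 3. Synchronizer token: the form must carry the token bound to this
    #    session, compared in constant time.
    expected = session.get("csrf_token")
    supplied = request["form"].get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def forged_link_request() -> dict:
    """Constructed: what the emailed link produces when the admin clicks it."""
    return {"method": "GET", "path": "/posts/42/delete",
            "headers": {"Cookie": "session=abc"}, "form": {}}


def legitimate_request(token: str) -> dict:
    """Constructed: the admin submitting the real delete form on our own site."""
    return {"method": "POST", "path": "/posts/42/delete",
            "headers": {"Cookie": "session=abc", "Origin": SITE_ORIGIN},
            "form": {"csrf_token": token}}
```

The session cookie is still sent by the browser in every case; what changes is that the cookie alone no longer proves the user intended the request.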
This doesn’t have to be a text link; it is often attached to an image or a button. It may sound ...