Glossary of Security Terms: CSRF | Hacker Noon

@mozilla Mozilla Contributors

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

CSRF (Cross-Site Request Forgery) is an attack that impersonates a trusted user and sends a website unwanted commands. This can be done, for example, by including malicious parameters in a URL behind a link that purports to go somewhere else:

<img src="https://www.example.com/index.php?action=delete&id=123">

For users who have some permissions on https://www.example.com, the <img> element will execute the action on https://www.example.com without their noticing, even if the element is not at https://www.example.com.

There are many ways to prevent CSRF, such as implementing a RESTful API, adding a secure token, etc.
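The two preventions named above, sketched as an added example that is not part of the original glossary entry: a handler that mirrors the action=delete URL next to a hardened one that refuses state changes on GET and requires a session-bound token. The function names, the csrf_token parameter and the session id are hypothetical, and the record store is a constructed in-memory set.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here only for the example.
SERVER_KEY = secrets.token_bytes(32)
# Methods that must never change state (the "RESTful API" point).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str) -> str:
    """Token bound to one session; the site embeds it in its own forms.
    Another origin cannot read those forms, so it cannot supply the token."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_vulnerable(method, params, session_id, records):
    """Mirrors index.php?action=delete&id=123: the session cookie alone
    authorizes the delete, so an <img> on any other site triggers it."""
    if params.get("action") == "delete":
        records.discard(params.get("id"))
        return 200
    return 400


def handle_hardened(method, params, session_id, records):
    """Same action, but only on a non-safe method and with a valid token."""
    if params.get("action") != "delete":
        return 400
    if method in SAFE_METHODS:
        return 405  # an <img> can only issue GET, so it stops here
    supplied = params.get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403  # cross-site form post: cookie present, token missing
    records.discard(params.get("id"))
    return 200


if __name__ == "__main__":
    sid = "sess-abc"  # constructed session id
    forged = {"action": "delete", "id": "123"}
    print(handle_vulnerable("GET", forged, sid, {"123"}))   # 200, record deleted
    print(handle_hardened("GET", forged, sid, {"123"}))     # 405
    print(handle_hardened("POST", forged, sid, {"123"}))    # 403
    legit = dict(forged, csrf_token=issue_token(sid))
    print(handle_hardened("POST", legit, sid, {"123"}))     # 200
```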
