Cross-site Request Forgery (CSRF)

In this lesson, we will discuss Cross-site Request Forgery, how the attack can occur, and what steps can be taken to prevent it.

What is CSRF?

Cross-site Request Forgery (CSRF) is an attack that tricks a web browser into executing an unwanted action in an application that the user is logged in to. It allows an attacker to force a logged-in user to act without their consent or knowledge.

In a CSRF attack, the attacker cannot access the data returned by the application, because the response goes to the victim's browser and the attacker never sees it. The attack can still be devastating, as the attacker can force the user to transfer funds from a banking website or share sensitive information.
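
The banking scenario above seen from the server's side, as an added example that is not part of the original lesson: a transfer handler that trusts the session cookie alone accepts a forged request, while one that also checks a per-session CSRF token (one common mitigation) rejects it. The session id, account names and handler names are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample state: one logged-in session with a per-session CSRF token.
SESSIONS = {"sess-abc": {"user": "alice", "csrf": secrets.token_urlsafe(32)}}
BALANCES = {"alice": 1000, "mallory": 0}


def _move(user, form):
    amount = int(form["amount"])
    BALANCES[user] -= amount
    BALANCES[form["to"]] += amount
    return 200


def transfer_cookie_only(request):
    """Weak: the session cookie is the only proof of the user's intent."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    return _move(session["user"], request["form"])


def transfer_with_token(request):
    """Hardened: also require the session's CSRF token in the form body."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    sent = request["form"].get("csrf_token", "")
    # Constant-time comparison. Another site cannot supply the token because
    # it never sees the application's responses, where the token is issued.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403
    return _move(session["user"], request["form"])


def forged_request():
    # What the server receives when another site triggers the POST: the
    # browser attached the cookie automatically, but no token is present.
    return {"cookies": {"session": "sess-abc"},
            "form": {"to": "mallory", "amount": "100"}}


def legitimate_request():
    # Same request, sent from the application's own form with the token.
    req = forged_request()
    req["form"]["csrf_token"] = SESSIONS["sess-abc"]["csrf"]
    return req
```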
