
    CSRF

    April 21, 2014

    What is OWASP

    * The Open Web Application Security Project (OWASP) is a worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible so that individuals and organizations worldwide can make informed decisions about true software security risks.
    Based on OWASP, I am going to discuss CSRF.


    What is CSRF, how it can be used to hack a website, and how to prevent the attack

    * Cross-Site Request Forgery (CSRF) is an attack method in which an attacker exploits a user's active session in the browser without the user's permission. Using the victim's browser session, the attacker sends valid requests to a website that perform some action in the user's account. The user will not know that the request was sent from their browser. The attacker uses an innocent third-party website to generate these valid requests from the user's browser.

    For example, if a form on a website can also be submitted from some other website, it is vulnerable to CSRF. Suppose there is a form on a vulnerable website:

    (http://www.victim.com/forms.php)

    If I am able to submit that form by using a form on my localhost, the website is vulnerable to a CSRF attack. This attack uses the user's session to perform a malicious task, so it is also known as a “session riding” attack. Sometimes it is hard to understand how this attack works in real life.
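The server-side check that stops a form hosted elsewhere (such as the localhost copy described above) from being accepted, as an added example that is not code from the original article. The names `TRUSTED_ORIGIN`, `issue_csrf_token` and `accept_form_post` are assumptions for illustration, and the requests are constructed samples.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this example: the site's own origin and a server-side secret.
TRUSTED_ORIGIN = "http://www.victim.com"
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token embedded as a hidden field when the site renders its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def origin_of(url: str) -> str:
    """Reduce an Origin or Referer header value to scheme://host[:port]."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def accept_form_post(session_id: str, headers: dict, form: dict) -> tuple[bool, str]:
    """Decide whether a state-changing POST really came from the site's own form."""
    source = headers.get("Origin") or headers.get("Referer")
    if source is not None and origin_of(source) != TRUSTED_ORIGIN:
        return False, "cross-origin submission"
    # The session cookie alone proves nothing: the browser attaches it to
    # forged requests too. The token is only known to pages the site rendered.
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


# Constructed sample requests; each arrives with the user's valid session cookie.
SESSION = "constructed-session-id-1234"
legit = ({"Origin": "http://www.victim.com"},
         {"email": "user@example.com", "csrf_token": issue_csrf_token(SESSION)})
forged = ({"Origin": "http://localhost"}, {"email": "attacker@example.com"})
no_origin_forged = ({}, {"email": "attacker@example.com", "csrf_token": "guess"})

if __name__ == "__main__":
    for name, (hdrs, body) in [("own form", legit), ("localhost form", forged),
                               ("no Origin, bad token", no_origin_forged)]:
        print(name, accept_form_post(SESSION, hdrs, body))
```

The token check is the primary defence; the Origin/Referer comparison is a second layer for browsers that send those headers.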

    About Abhinav Girdhar

    Abhinav Girdhar is the CEO and Founder of Appy Pie and is a content contributor on top digital verticals like Wired.com & India Digital Review. For more details about him visit