Glossary definition: Cross Site Request Forgery (CSRF)

Protecting Against CSRF Attacks: Cross-Site Request Forgery?

Cross-Site Request Forgery (CSRF) is a type of malicious exploit of a website in which unauthorized commands are transmitted from a user that the website trusts. It occurs when a malicious website, email, blog, or instant message contains a link, code, or other script that the user's web browser executes without the user's knowledge. The malicious code may then perform actions on behalf of the user, such as changing account settings, transferring funds, or purchasing items without the user's knowledge or consent. CSRF exploits the trust that a website has in a user's browser and can be used to manipulate a user into performing actions that they did not intend to perform. CSRF attacks can be particularly dangerous because they often go undetected, as the user is unaware that their browser has been exploited. To prevent CSRF attacks, websites should implement measures such as token-based authentication or a CAPTCHA system to verify user requests.
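The token-based check mentioned above can be sketched as follows. This is an added example, not code from the original page: the function names, the `session` cookie and the `csrf_token` form field are assumptions made for illustration, and the session id is a constructed value.

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process key for this example
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # requests that must not change state
HEX = set("0123456789abcdef")


def _is_hex(value: str, length: int) -> bool:
    return len(value) == length and set(value) <= HEX


def _mac(session_id: str, nonce: str) -> str:
    # The nonce has a fixed format, so "nonce:session" cannot be split ambiguously.
    msg = f"{nonce}:{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own forms: random nonce plus an HMAC tying it to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    if not token or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    if not _is_hex(nonce, 32) or not _is_hex(mac, 64):
        return False
    return hmac.compare_digest(mac, _mac(session_id, nonce))  # constant-time compare


def handle_request(method: str, cookies: Mapping[str, str], form: Mapping[str, str]) -> int:
    """Return the HTTP status a state-changing endpoint would send."""
    session_id = cookies.get("session")
    if session_id is None:
        return 401
    if method not in SAFE_METHODS and not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403  # the cookie alone does not show the user intended this request
    return 200


if __name__ == "__main__":
    cookies = {"session": "sess-constructed-1"}
    token = issue_csrf_token(cookies["session"])
    print(handle_request("POST", cookies, {"email": "a@example.test", "csrf_token": token}))
    print(handle_request("POST", cookies, {"email": "x@example.test"}))  # browser sent only the cookie
```

The second request models what the browser sends when another site triggers the submission: the session cookie is attached automatically, but the token, which only the site's own pages contain, is absent, so the request is refused.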