
Cross-Site Request Forgery (CSRF)

An attack that forces authenticated users to submit unwanted requests to a web application.

Cross-Site Request Forgery (CSRF) is an attack that tricks an authenticated user into unknowingly submitting a malicious request to a web application they are currently logged into.

How CSRF Works

  • User logs into a legitimate website (e.g., bank.com) and receives a session cookie
  • User visits a malicious page while still logged in
  • The malicious page makes the user's browser send a request to bank.com, and the browser automatically attaches the user's session cookie
  • bank.com processes the request as if the user initiated it

Prevention

  • CSRF tokens - unpredictable tokens tied to the session (or to each request) that the form or script must send back and the server verifies
  • SameSite cookies - restrict the browser from attaching cookies to cross-site requests
  • Origin header validation - verify that the Origin (or Referer) header matches the application's own origin
  • Re-authentication for sensitive actions

How mr7.ai Helps

KaliGPT can help identify CSRF vulnerabilities in your web applications and suggest proper mitigation strategies.
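The following is an added example, not code from this glossary page or from mr7.ai, showing how the attack steps and the first three prevention measures fit together on the server side. It assumes a constructed application origin of https://bank.example and represents the session as a plain dictionary; the cookie attributes, token generation and constant-time comparison are the parts a real framework does for you.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the application's own origin (constructed for this example).
ALLOWED_ORIGINS = {"https://bank.example"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def issue_csrf_token(session):
    """Create a per-session CSRF token once and keep it server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def session_cookie_header(session_id):
    """SameSite=Strict keeps the session cookie off cross-site requests."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"

def request_origin(headers):
    """Origin header, falling back to the scheme+host of Referer."""
    if headers.get("Origin"):
        return headers["Origin"]
    if headers.get("Referer"):
        p = urlsplit(headers["Referer"])
        return f"{p.scheme}://{p.netloc}"
    return None

def check_csrf(method, headers, session, form):
    """Return (allowed, reason) for a request that arrived with a valid
    session cookie. Safe methods pass; state-changing ones need a trusted
    origin AND a form token equal to the one stored in the session."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    origin = request_origin(headers)
    if origin not in ALLOWED_ORIGINS:
        return False, f"untrusted or missing origin: {origin}"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # compare_digest avoids leaking the token through timing differences
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or mismatched CSRF token"
    return True, "ok"

if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    # Constructed requests: a forged POST from a malicious page (no token,
    # foreign Origin), then a legitimate submission from the bank's own page
    print(check_csrf("POST", {"Origin": "https://evil.example"}, session, {}))
    print(check_csrf("POST", {"Origin": "https://bank.example"}, session, {"csrf_token": token}))
```

The forged request fails on the origin check alone; a request that spoofs nothing but omits the token still fails on the token check, which is why the two measures are layered.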

Practice Cross-Site Request Forgery with AI

Use mr7.ai's specialized AI models to learn and practice security techniques. Start with 10,000 free tokens.
