Web Security

Cross-Site Request Forgery (CSRF)

An attack that forces authenticated users to submit unwanted requests to a web application.

Cross-Site Request Forgery (CSRF) is an attack that tricks an authenticated user into unknowingly submitting a malicious request to a web application they are currently logged into.

How CSRF Works

  • User logs into a legitimate website (e.g., bank.com)
  • User visits a malicious page while still logged in
  • Malicious page sends a request to bank.com using the user's session
  • Bank.com processes the request as if the user initiated it

Prevention

  • CSRF tokens - unique tokens per session/request
  • SameSite cookies - restrict cross-origin cookie sending
  • Origin header validation - verify request origin
  • Re-authentication for sensitive actions
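The three server-side checks from the list above, worked through in Python as an added example (this is not the glossary's or mr7.ai's code): a per-session token issued and compared in constant time, the session cookie set with SameSite, and the Origin header checked against an allowlist. The origin bank.example, the header names and the csrf_token form field are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed application origin for the example; not a value from the glossary.
ALLOWED_ORIGINS = {"https://bank.example"}


def issue_csrf_token():
    """Unpredictable per-session token: store it server-side and embed it in every form."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id):
    """Set-Cookie header that keeps the session cookie off cross-site POSTs.
    SameSite=Lax still sends the cookie on top-level GET navigations, so
    state-changing actions must never be reachable via GET."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def check_origin(headers):
    """Origin header validation: accept only requests from an allowed origin.
    Falls back to the Referer's scheme+host; rejects if neither header is present."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def check_csrf_token(session_token, submitted):
    """Compare the submitted token with the stored one without leaking timing."""
    if not session_token or not submitted:
        return False
    return hmac.compare_digest(session_token, submitted)


def is_request_allowed(method, headers, session_token, form):
    """Apply both checks to state-changing methods; safe methods pass through."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True
    return check_origin(headers) and check_csrf_token(session_token, form.get("csrf_token"))


# Constructed sample headers: a forged POST from another site versus a legitimate one.
FORGED_HEADERS = {"Origin": "https://evil.example"}
LEGIT_HEADERS = {"Origin": "https://bank.example"}
```

A forged request fails even if it somehow echoes the token, because its Origin is rejected first; a same-origin request without the token fails on the token check.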

How mr7.ai Helps

KaliGPT can help identify CSRF vulnerabilities in your web applications and suggest proper mitigation strategies.

Practice Cross-Site Request Forgery with AI

Use mr7.ai's specialized AI models to learn and practice security techniques. Start with 10,000 free tokens.