What is a Cross Site Request Forgery (CSRF) attack? And what are the prevention methods against Cross Site Request Forgery attacks?
Cross-site request forgery (CSRF) is a cyberattack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. In CSRF, an attacker deceives the users of a web application into executing actions of the attacker's choosing. In other words, it is an attack that tricks a victim into submitting a malicious request. Because the victim's browser attaches the victim's credentials to that request, the attack inherits the identity and privileges of the victim to conduct an undesired function, such as transferring funds or changing an email address, on behalf of the victim. It targets functionality that causes a state change on the server.
Some prevention measures against cross-site request forgery (CSRF) include the following:
- Security awareness training
- Anti-forgery tokens
- Double submit cookies
- Using custom request headers
- Defense-in-depth techniques
- Multifactor authentication
- Verifying the request source with standard headers
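To make two of these measures concrete, here is an added example (not from the original page) of the server-side check a state-changing endpoint would run: an anti-forgery (synchronizer) token bound to the session via HMAC, combined with verifying the request source from the standard Origin/Referer headers. The allowed origin, session ids and secret key are constructed placeholders.

```python
import hmac
import hashlib
from typing import Mapping

# Constructed placeholder: the site's own origin(s); real deployments load this from config.
ALLOWED_ORIGINS = {"https://bank.example"}


def issue_csrf_token(session_id: str, secret_key: bytes) -> str:
    """Synchronizer token: HMAC of the session id under a server-side secret.
    Bound to the session, so a token leaked from one session is useless in another."""
    return hmac.new(secret_key, session_id.encode(), hashlib.sha256).hexdigest()


def origin_is_trusted(headers: Mapping[str, str]) -> bool:
    """Verify the request source with standard headers: prefer Origin, fall back
    to the scheme://host[:port] part of Referer, reject if neither is present."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no source information at all: fail closed
        origin = "/".join(referer.split("/")[:3])
    return origin in ALLOWED_ORIGINS  # also rejects the literal "null" origin


def request_is_legit(method: str, headers: Mapping[str, str], form: Mapping[str, str],
                     session_id: str, secret_key: bytes) -> bool:
    """Return True only if a state-changing request passes both CSRF defenses."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is required
    if not origin_is_trusted(headers):
        return False
    expected = issue_csrf_token(session_id, secret_key)
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be recovered byte by byte via timing.
    return hmac.compare_digest(expected.encode(), submitted.encode())
```

A cross-site page cannot read the token (same-origin policy) and cannot set a trusted Origin header from the browser, so a forged POST fails both checks.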