Cross Site Request Forgery Prevention

CSRF (cross-site request forgery) is an attack in which unwanted operations are performed using the currently authenticated user's session, such as changing the password, transferring funds, or enabling/disabling a service.

In the worst case it is performed against an administrative account, which compromises the security of the entire application.

For example, suppose there is an endpoint to change the contact number:

GET http://mysite.com/change-number?new=12345

One way to carry out CSRF is for the intruder to craft a link to that URL which the user is likely to click:

<a href='http://mysite.com/change-number?new=54321'>Check your daily horoscope</a>
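The defensive side of this, as an added example that is not code from the original post: a hardened version of the change-number handler that refuses state changes over GET and requires a per-session synchronizer token (derived here with an HMAC over a constructed session id and server secret, both placeholders) before accepting a POST. The forged link from the post is rejected by the method check, and a cross-site POST is rejected because the attacker's page cannot read the token.

```python
import hmac
import hashlib

# Constructed server-side secret for this example only; a real deployment
# loads it from configuration and never hard-codes it.
SERVER_SECRET = b"example-secret-do-not-use"


def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session CSRF token (synchronizer-token pattern, HMAC form).

    The site embeds this token in its own forms. A page on another origin
    cannot read it, so it cannot include it in a forged request.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_change_number(method: str, session_id: str, form: dict) -> tuple:
    """Hardened /change-number handler. Returns (HTTP status, message).

    1. State changes are accepted only via POST, so a plain link (GET) cannot
       trigger them.
    2. The submitted token must match the token issued for this session;
       the comparison is constant-time to avoid leaking partial matches.
    """
    if method != "POST":
        return 405, "state change requires POST"
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(submitted, expected):
        return 403, "missing or invalid CSRF token"
    new_number = form.get("new", "")
    if not new_number.isdigit():
        return 400, "invalid number"
    return 200, f"number changed to {new_number}"


if __name__ == "__main__":
    sess = "constructed-session-id"
    token = issue_csrf_token(sess)
    # The forged link from the post: a GET with no token.
    print(handle_change_number("GET", sess, {"new": "54321"}))
    # A cross-site form POST: right method, but the attacker has no token.
    print(handle_change_number("POST", sess, {"new": "54321"}))
    # The site's own form: POST carrying the token issued for this session.
    print(handle_change_number("POST", sess, {"new": "12345", "csrf_token": token}))
```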
