Abstract

A cross-site request forgery (CSRF) attack forces the victim's browser to make a request without the victim's knowledge or consent. Browsers make requests all the time without the knowledge or approval of the user: for images, frames, and script tags. A CSRF attack depends on finding a link that, when requested, performs some action beneficial to the attacker. The Web browser's same origin policy (SOP) prohibits interaction between content pulled from different domains, but it does not stop a Web page from embedding content from several domains together. The attacker only needs to forge a request. The content of the site's response, which is protected by the same origin policy (SOP), is immaterial to the success of the attack. A CSRF attack uses an iframe or img element to force the user's browser to issue the same request, but without the user's intervention or knowledge. The page carrying that element might be hosted on a server controlled by the attacker. One of the most effective CSRF countermeasures assigns a temporary pseudo-random token to the sensitive forms or links that may be submitted by an authenticated user. The value of the token is known only to the Web application and the user's Web browser, so a forged request cannot include it.
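As an added illustration that is not part of the paper, the following shows the per-session token countermeasure the abstract describes: the server issues a pseudo-random token, embeds it in the sensitive form, and rejects any submission whose token is missing or does not match. The session store, form field names and the `/transfer` action are constructed for the example.

```python
import hmac
import secrets

# Constructed in-memory stand-in for a real session backend:
# session id (carried in the browser's cookie) -> session state.
SESSIONS: dict[str, dict] = {}


def new_session() -> str:
    """Create a session and issue it a fresh pseudo-random CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def render_transfer_form(sid: str) -> str:
    """Embed the session's token in the sensitive form as a hidden field."""
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><input name="to"><button>Send</button></form>'
    )


def handle_transfer(sid: str, form: dict) -> tuple[int, str]:
    """Server-side check: the submitted token must equal the session's token.

    The cookie identifies the session on both legitimate and forged requests;
    only the hidden field proves the request originated from our own form.
    """
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison on bytes: no timing leak, no TypeError on
    # non-ASCII input that str-based compare_digest would raise.
    if not submitted or not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')} to {form.get('to')}"


def demo() -> tuple[int, int, int]:
    """Legitimate submission vs. two forged requests that carry only the cookie."""
    sid = new_session()
    token = SESSIONS[sid]["csrf_token"]
    ok, _ = handle_transfer(sid, {"csrf_token": token, "amount": "100", "to": "x"})
    # An attacker-hosted <img>/<iframe> forces the same request, but the attacker
    # never saw the token: it is either absent or a guess.
    missing, _ = handle_transfer(sid, {"amount": "100", "to": "attacker"})
    guessed, _ = handle_transfer(sid, {"csrf_token": "A" * 43, "amount": "100", "to": "attacker"})
    return ok, missing, guessed
```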
