
Cross-site Request Forgery 

Cross-site request forgery is a form of malicious website exploitation in which unauthorized commands are transmitted from a user that the website trusts. It is also known as a one-click attack or session riding, and it may be identified by the abbreviations XSRF and CSRF, which is read as “sea-surf”.
It is related in some ways to another web exploit, cross-site scripting (XSS), which works by abusing the trust a user has in a specific website. Cross-site request forgery works the opposite way: what is abused in this attack is the trust a website has in the user's browser.
Cross-site request forgery follows a well-thought-out process and has been popular since the 1990s. The attack begins when the user's logged-on browser is forced to transmit a pre-authenticated request to another, defenseless web application. It succeeds when the website is lured into thinking that the user wanted to submit the form, because the request arrives carrying the cookies of the user’s browser.
The browser is then pushed into performing hostile actions that give the attacker the desired opening. As many security experts have observed, a cross-site request forgery can be as powerful as the web application being targeted.
This form of attack entails the automatic transmission of a cross-site form by JavaScript. JavaScript is not always necessary, however, for a malicious website to coerce a user into submitting the malicious form to another website: the form fields may simply be hidden, and the buttons may masquerade as links and scrollbars.
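The following added example (not from the original page) shows, from the server's side, why a request that arrives with the user's cookie is accepted, and how a per-session anti-CSRF token, a common mitigation this page does not describe, lets the application reject it. The session id, handler names and request dictionaries are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server state: one logged-in session (all names are hypothetical).
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-abc123": "alice"}


def csrf_token_for(session_id: str) -> str:
    """Per-session token the site embeds in its own forms (HMAC of the session id)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_cookie_only(request: dict) -> str:
    """Vulnerable pattern: the session cookie alone authorizes the action."""
    user = SESSIONS.get(request["cookies"].get("session", ""))
    return f"200 transfer executed for {user}" if user else "401 not logged in"


def handle_with_token(request: dict) -> str:
    """Hardened pattern: the form must also carry the token tied to the session."""
    session_id = request["cookies"].get("session", "")
    user = SESSIONS.get(session_id)
    if user is None:
        return "401 not logged in"
    supplied = request["form"].get("csrf_token", "")
    expected = csrf_token_for(session_id)
    # Constant-time comparison; a page on another site cannot read this value.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return "403 CSRF token missing or invalid"
    return f"200 transfer executed for {user}"


# Constructed requests. The browser attaches the cookie to both of them;
# only the form served by the site itself includes the token.
legit = {"cookies": {"session": "sess-abc123"},
         "form": {"amount": "10", "csrf_token": csrf_token_for("sess-abc123")}}
forged = {"cookies": {"session": "sess-abc123"},
          "form": {"amount": "10"}}

if __name__ == "__main__":
    for name, req in (("legit", legit), ("forged", forged)):
        print(name, "|", handle_cookie_only(req), "|", handle_with_token(req))
```

The cookie-only handler returns the same success response for both requests, which is the confusion described above; the token-checking handler accepts only the request built from the site's own form.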
 

 

SecPoint® © Copyright 1999-2013