Cross-site Request Forgery
Cross-site request forgery is a form of malicious website exploit in which unauthorized commands are transmitted on behalf of a user whom a website trusts. Cross-site request forgery is also known as a one-click attack or session riding, and is abbreviated XSRF or CSRF, the latter pronounced “sea-surf”.
It is related in some ways to another web exploit, cross-site scripting (XSS), which abuses the trust a user places in a particular website. Cross-site request forgery works the other way round: what is abused is the trust a website places in the user’s browser.
Cross-site request forgery is a well-understood technique and has been known since the 1990s. The attack begins when the user’s logged-in browser is made to transmit a pre-authenticated request to a vulnerable web application. It succeeds because the request arrives carrying the cookies of the user’s browser, so the website is led to believe that the user intended to submit the form in question.
The browser is thus made to perform hostile actions that give the attacker the opening he wants. As many security experts have observed, a cross-site request forgery attack can be as powerful as the web application being targeted allows.
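An added illustration, not code from the original article: a minimal Python sketch of a money-transfer handler that trusts the session cookie alone, beside one that also requires a synchronizer token that a page on another site cannot read. The in-memory session store, balances and request dictionaries are constructed stand-ins for a real web framework.

```python
import hmac
import secrets

# Constructed stand-ins for a framework's session store and database.
SESSIONS = {"sess-abc": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
BALANCES = {"alice": 100}


def reset_balances():
    """Restore the constructed starting balance (used between demonstrations)."""
    BALANCES["alice"] = 100


def session_for(request):
    """Resolve the session from the cookie the browser attaches automatically."""
    return SESSIONS.get(request.get("cookies", {}).get("sid"))


def transfer_vulnerable(request):
    """Trusts the cookie alone: any page that makes the browser POST here succeeds."""
    session = session_for(request)
    if session is None:
        return 401
    BALANCES[session["user"]] -= int(request["form"]["amount"])
    return 200


def transfer_protected(request):
    """Synchronizer token: the form must carry a secret only same-origin pages can read."""
    session = session_for(request)
    if session is None:
        return 401
    submitted = request["form"].get("csrf_token", "")
    # Constant-time comparison; a missing or wrong token means the form was not ours.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403
    BALANCES[session["user"]] -= int(request["form"]["amount"])
    return 200


def forged_request():
    """Cross-site POST: the browser adds the cookie, but the foreign page lacks the token."""
    return {"cookies": {"sid": "sess-abc"}, "form": {"amount": "40"}}


def legitimate_request():
    """Same-origin POST: the page the server rendered included the session's token."""
    token = SESSIONS["sess-abc"]["csrf_token"]
    return {"cookies": {"sid": "sess-abc"}, "form": {"amount": "40", "csrf_token": token}}
```

Setting the session cookie with the SameSite=Lax attribute keeps browsers from attaching it to cross-site POSTs at all, a second layer that complements the token check rather than replacing it.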