How CSRF affects companies
Cross-Site Request Forgery (CSRF) is a web application vulnerability in which an attacker causes a victim's browser to send a request that the application then processes as though the victim had intended it. The application is not fooled about who the user is; the victim really is authenticated. The problem is that browsers automatically attach the session cookie (or cached HTTP Basic credentials) to every request sent to the site, including requests triggered by a page under the attacker's control, so the application cannot distinguish a deliberate action from a forged one. Once the vulnerability is exploited, the attacker can invoke any state-changing function the victim is authorized to use, such as changing an email address or password, or transferring funds.
Here’s an example:
An unsuspecting user logs in to the target site, say an online bank, and while that session is still valid visits a website the attacker controls. The malicious page contains a hidden form or script that automatically submits a request to the bank, for example a POST to the funds-transfer endpoint. Because the browser sends the user's bank session cookie along with that request, the bank treats it as a legitimate action by the logged-in user and executes it. The attacker never sees the user's credentials or the response; they only need the request to succeed, for instance a transfer of money from the user's account to one the attacker controls.
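The scenario above, as an added example that is not part of the original post: a small Python model of the browser's cookie behaviour, a vulnerable transfer handler that trusts the session cookie alone, and a hardened handler that additionally checks the Origin header and a per-session synchronizer token. The origins, session store, account balances and field names are all constructed for the illustration; no real framework is used.

```python
import hmac
import secrets

BANK_ORIGIN = "https://bank.example"   # constructed target site
EVIL_ORIGIN = "https://evil.example"   # constructed attacker site

# Server-side session store: cookie value -> session data (constructed sample).
# The CSRF token is generated per session and never leaves the bank's pages.
SESSIONS = {
    "sess-alice-123": {"user": "alice", "csrf_token": secrets.token_urlsafe(32)},
}


def fresh_accounts():
    """Constructed starting balances, one fresh copy per scenario."""
    return {"alice": 1000, "mallory": 0}


def browser_submit(page_origin, target_origin, form, cookie_jar):
    """Model of what a browser does when a page at page_origin submits a form
    to target_origin: it attaches every cookie stored for the target (the root
    cause of CSRF) and sets the Origin header to the submitting page's origin."""
    return {
        "cookies": dict(cookie_jar.get(target_origin, {})),
        "form": dict(form),
        "headers": {"Origin": page_origin},
    }


def do_transfer(user, form, accounts):
    """Business logic shared by both handlers; returns an HTTP-style status."""
    to, amount = form.get("to"), int(form.get("amount", 0))
    if to not in accounts or amount <= 0 or accounts[user] < amount:
        return 400
    accounts[user] -= amount
    accounts[to] += amount
    return 200


def vulnerable_transfer(request, accounts):
    """Authenticates the user from the session cookie and nothing else."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    return do_transfer(session["user"], request["form"], accounts)


def hardened_transfer(request, accounts):
    """Same authentication, plus two independent CSRF defences."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401
    # Defence 1: if the browser sent an Origin header, it must be our own.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != BANK_ORIGIN:
        return 403
    # Defence 2: synchronizer token. The attacker's page cannot read it, so a
    # cross-site form cannot include it. Constant-time compare avoids leaking
    # the token byte by byte through timing.
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return 403
    return do_transfer(session["user"], request["form"], accounts)


def run_forged(handler):
    """Alice is logged in to the bank; she then loads the attacker's page,
    which auto-submits a transfer form. Returns (status, alice, mallory)."""
    jar = {BANK_ORIGIN: {"session": "sess-alice-123"}}
    accounts = fresh_accounts()
    forged = browser_submit(EVIL_ORIGIN, BANK_ORIGIN,
                            {"to": "mallory", "amount": "500"}, jar)
    status = handler(forged, accounts)
    return status, accounts["alice"], accounts["mallory"]


def run_legitimate(handler):
    """Alice submits the bank's own transfer form, which embeds her token."""
    jar = {BANK_ORIGIN: {"session": "sess-alice-123"}}
    accounts = fresh_accounts()
    form = {"to": "mallory", "amount": "500",
            "csrf_token": SESSIONS["sess-alice-123"]["csrf_token"]}
    legit = browser_submit(BANK_ORIGIN, BANK_ORIGIN, form, jar)
    status = handler(legit, accounts)
    return status, accounts["alice"], accounts["mallory"]


if __name__ == "__main__":
    print("vulnerable, forged:  ", run_forged(vulnerable_transfer))
    print("hardened,   forged:  ", run_forged(hardened_transfer))
    print("hardened,   genuine: ", run_legitimate(hardened_transfer))
```

The vulnerable handler debits Alice's account on the forged request because the cookie alone looks like a real user; the hardened handler rejects it with 403 while still accepting the genuine submission. In a real deployment the token check is the primary defence, the Origin check is a cheap second layer (the header is not sent in every situation, hence the guard when it is absent), and marking the session cookie SameSite=Lax or Strict stops the browser attaching it to cross-site POSTs in the first place.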
See Cross-Site Request Forgery (CSRF) Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.