Cross-Site Request Forgery (CSRF) attacks

How CSRF affects companies

Cross-Site Request Forgery (CSRF) is a vulnerability in web applications that is exploited by getting the application to accept a request it should have rejected. The application is tricked into treating a request as one that a specific, already authenticated user intended to make, when in reality the request was forged on that user's behalf. Once the vulnerability has been successfully exploited, the attacker can invoke specific functions of the web application as if they were that user.

Here’s an example:

An unsuspecting user, who is already logged in to the targeted site, visits a malicious website set up by the attacker. The malicious site causes the user's browser to send requests to the targeted site; because the browser automatically attaches the user's existing session credentials, the targeted web application treats those requests as the user's own. The attacker can therefore trigger actions in the web application that would normally be denied. For example, if the targeted site belongs to a financial institution, the forged request could transfer money from the unsuspecting user's account to the attacker's account.
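To make the flow above concrete, here is an added example (not from the original post or from Checkmarx) of a minimal money-transfer handler written two ways: a CSRF-prone version that trusts the session cookie alone, and a hardened version that additionally requires a per-session synchronizer token and checks the Origin header. The session store, request object and the bank.example / evil.example origins are constructed for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Hypothetical in-memory session store: session id -> {"user", "csrf_token"}
SESSIONS = {}

def create_session(user):
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_hex(16)}
    return sid

@dataclass
class Request:
    cookies: dict            # cookies the browser attached automatically
    form: dict               # POST body fields
    origin: Optional[str]    # Origin header set by the browser on cross-site POSTs

def transfer_vulnerable(req):
    """CSRF-prone: any request carrying a valid session cookie is honoured."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "rejected: not logged in"
    return f"transferred {req.form['amount']} from {session['user']} to {req.form['to']}"

def transfer_hardened(req, site_origin="https://bank.example"):
    """Same handler with a synchronizer-token check and an Origin check."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "rejected: not logged in"
    # The token is only embedded in forms served by the site itself, so a page on
    # another origin cannot know it. Compare in constant time.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session["csrf_token"]):
        return "rejected: missing or invalid CSRF token"
    # Defence in depth: a foreign Origin header means the POST was cross-site.
    if req.origin is not None and req.origin != site_origin:
        return "rejected: cross-origin request"
    return f"transferred {req.form['amount']} from {session['user']} to {req.form['to']}"

def demo():
    sid = create_session("alice")
    token = SESSIONS[sid]["csrf_token"]
    # Constructed: the user's own transfer form on bank.example carries the token.
    legit = Request({"sid": sid}, {"to": "bob", "amount": "10", "csrf_token": token}, "https://bank.example")
    # Constructed: a page on evil.example auto-submits a form; the browser still
    # attaches alice's cookie, but the page cannot supply her token.
    forged = Request({"sid": sid}, {"to": "mallory", "amount": "1000"}, "https://evil.example")
    return {"vulnerable_legit": transfer_vulnerable(legit), "vulnerable_forged": transfer_vulnerable(forged),
            "hardened_legit": transfer_hardened(legit), "hardened_forged": transfer_hardened(forged)}
```

Running `demo()` shows the vulnerable handler accepting both requests, while the hardened handler rejects the forged one on the missing token before the Origin check is even reached.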

See Cross-Site Request Forgery (CSRF) Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.
