Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.
Testing for CSRF can be worth it.
Aug 2, 2022
What is CSRF?
CSRF (pronounced sea-surf hehe), or rather client-side request forgery, used to be one of the most dangerous attacks a web application could experience. Essentially, while a user is logged in and authenticated, a web application sets a valid session state through the use of cookies. When the client sends a request to the web application server, the server will first authenticate the cookies to verify the client can do…