Is CSRF really dead? Examining Stripe’s $5000 CSRF bug bounty.

Testing for CSRF can be worth it.

Roberto
Published in InfoSec Write-ups
3 min read · Aug 2, 2022


What is CSRF?

CSRF (pronounced sea-surf hehe), or rather cross-site request forgery, used to be one of the most dangerous attacks a web application could experience. Essentially, while a user is logged in and authenticated, a web application sets a valid session state through the use of cookies. When the client sends a request to the web application server, the server will first authenticate the cookies to verify the client can do…


Stanford alum, Software Engineer with a passion for CyberSec, Biotech, and Sustainability. Work with me at https://www.tidallabs.io/.