© PortSwigger

Security: Cross-Site Request Forgery

Today we’re going to delve into the topic of Cross-Site Request Forgery (CSRF) attacks, which is another type of web application security vulnerability that poses a significant threat to web users.

Similar to XSS, CSRF attacks exploit the trust relationship between a user and a web application, but instead of injecting malicious code, they manipulate legitimate requests sent by the user to perform…