Statements (39)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:security |
| gptkbp:affects | web applications; GET requests; POST requests; PUT requests; DELETE requests |
| gptkbp:alsoKnownAs | one-click attack; session riding |
| gptkbp:canBeBypassedBy | weak session management; insecure cookie settings |
| gptkbp:category | gptkb:OWASP_Top_10 |
| gptkbp:cause | data theft; account compromise; unauthorized actions |
| gptkbp:documentedIn | gptkb:OWASP; gptkb:CWE-352 |
| gptkbp:example | changing user email without consent; transferring funds without authorization |
| gptkbp:exploits | trust of a website in a user's browser |
| gptkbp:firstDescribed | 2001 |
| gptkbp:fullName | gptkb:Cross-Site_Request_Forgery |
| gptkbp:mitigatedBy | gptkb:SameSite_cookies; anti-CSRF tokens; user authentication checks |
| gptkbp:prevention | checking Referer header; user confirmation dialogs |
| gptkbp:relatedTo | gptkb:XSS |
| gptkbp:requires | user authentication; user session |
| gptkbp:riskFactor | high |
| gptkbp:target | web servers; authenticated users |
| gptkbp:vectorFor | malicious email; malicious website; malicious link |
| gptkbp:bfsParent | gptkb:Web_forms; gptkb:Spring_Security |
| gptkbp:bfsLayer | 6 |
| https://www.w3.org/2000/01/rdf-schema#label | CSRF |