CSRF

GPTKB entity

Statements (39)

Predicate    Object
gptkbp:instanceOf    gptkb:security
gptkbp:affects    web applications
gptkbp:affects    DELETE requests
gptkbp:affects    GET requests
gptkbp:affects    POST requests
gptkbp:affects    PUT requests
gptkbp:alsoKnownAs    one-click attack
gptkbp:alsoKnownAs    session riding
gptkbp:canBeBypassedBy    weak session management
gptkbp:canBeBypassedBy    insecure cookie settings
gptkbp:category    gptkb:OWASP_Top_10
gptkbp:cause    data theft
gptkbp:cause    account compromise
gptkbp:cause    unauthorized actions
gptkbp:documentedIn    gptkb:OWASP
gptkbp:documentedIn    gptkb:CWE-352
gptkbp:example    changing user email without consent
gptkbp:example    transferring funds without authorization
gptkbp:exploits    trust of a website in a user's browser
gptkbp:firstDescribed    2001
gptkbp:fullName    gptkb:Cross-Site_Request_Forgery
https://www.w3.org/2000/01/rdf-schema#label    CSRF
gptkbp:mitigatedBy    gptkb:SameSite_cookies
gptkbp:mitigatedBy    anti-CSRF tokens
gptkbp:mitigatedBy    user authentication checks
gptkbp:prevention    checking Referer header
gptkbp:prevention    user confirmation dialogs
gptkbp:relatedTo    gptkb:XSS
gptkbp:requires    user authentication
gptkbp:requires    user session
gptkbp:riskFactor    high
gptkbp:target    web servers
gptkbp:target    authenticated users
gptkbp:vectorFor    malicious email
gptkbp:vectorFor    malicious website
gptkbp:vectorFor    malicious link
gptkbp:bfsParent    gptkb:cross-site_request_forgery
gptkbp:bfsParent    gptkb:Cross-site_Request_Forgery
gptkbp:bfsLayer    5