Cross-Site Request Forgery

GPTKB entity

Statements (28)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | gptkb:security |
| gptkbp:abbreviation | gptkb:CSRF |
| gptkbp:affects | web applications |
| gptkbp:can_be_performed_via | malicious links |
| | image tags |
| | JavaScript requests |
| | hidden forms |
| gptkbp:cause | data theft |
| | account compromise |
| | unauthorized actions |
| gptkbp:compatibleWith | malicious code on victim's site |
| gptkbp:describedBy | gptkb:OWASP_Top_Ten |
| gptkbp:detects | web application security scanners |
| gptkbp:exploits | trust of a website in a user's browser |
| gptkbp:firstDescribed | 2001 |
| https://www.w3.org/2000/01/rdf-schema#label | Cross-Site Request Forgery |
| gptkbp:mitigatedBy | gptkb:SameSite_cookies |
| | anti-CSRF tokens |
| | user authentication checks |
| gptkbp:prevention | checking HTTP Referer header |
| | user logout after sensitive actions |
| | using custom request headers |
| gptkbp:relatedTo | gptkb:Cross-Site_Scripting |
| | Session Fixation |
| gptkbp:requires | user authentication |
| gptkbp:target | web security best practices |
| gptkbp:bfsParent | gptkb:CSRF |
| gptkbp:bfsLayer | 6 |