Cross-Site Request Forgery attacks
GPTKB entity
Statements (32)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:security
|
| gptkbp:abbreviation |
gptkb:CSRF
|
| gptkbp:affects |
web applications
|
| gptkbp:alsoKnownAs |
gptkb:CSRF
|
| gptkbp:cause |
data theft
account compromise unauthorized actions |
| gptkbp:class |
web application vulnerability
attack vector |
| gptkbp:describedBy |
gptkb:OWASP_Top_Ten
|
| gptkbp:distinctFrom |
Cross-Site Scripting attacks
|
| gptkbp:documentedIn |
gptkb:CWE-352
OWASP CSRF documentation |
| gptkbp:exploits |
trust of a website in a user's browser
|
| gptkbp:firstDescribed |
2001
|
| https://www.w3.org/2000/01/rdf-schema#label |
Cross-Site Request Forgery attacks
|
| gptkbp:mitigatedBy |
gptkb:CSRF_tokens
gptkb:SameSite_cookies checking Referer header user logout |
| gptkbp:prevention |
CAPTCHA
multi-factor authentication custom headers user confirmation dialogs |
| gptkbp:requires |
user authentication
|
| gptkbp:target |
authenticated users
|
| gptkbp:uses |
gptkb:JavaScript
malicious links malicious forms image tags |
| gptkbp:bfsParent |
gptkb:CSRF_attacks
|
| gptkbp:bfsLayer |
6
|