Statements (28)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:security |
gptkbp:abbreviation | gptkb:CSRF |
gptkbp:affects | web applications |
gptkbp:category | web application attack |
gptkbp:cause | data theft, account compromise, unauthorized actions |
gptkbp:describedBy | gptkb:OWASP_Top_Ten |
gptkbp:detects | security testing tools, web application firewalls |
gptkbp:exploits | trust of a website in a user's browser |
gptkbp:firstDescribed | 2001 |
gptkbp:heldBy | attack vector |
https://www.w3.org/2000/01/rdf-schema#label | Cross-site Request Forgery |
gptkbp:listedOn | gptkb:CWE-352 |
gptkbp:mitigatedBy | gptkb:CSRF_tokens, gptkb:SameSite_cookies, user authentication checks |
gptkbp:prevention | enabling SameSite cookie attribute, user logout after session, using anti-CSRF tokens, verifying HTTP Referer header |
gptkbp:relatedTo | gptkb:Cross-site_Scripting |
gptkbp:requires | user authentication |
gptkbp:target | state-changing requests, authenticated users |
gptkbp:bfsParent | gptkb:fire |
gptkbp:bfsLayer | 4 |