Cross-site Request Forgery

GPTKB entity

Statements (28)
Predicate Object
gptkbp:instanceOf gptkb:security
gptkbp:abbreviation gptkb:CSRF
gptkbp:affects web applications
gptkbp:category web application attack
gptkbp:cause data theft
    account compromise
    unauthorized actions
gptkbp:describedBy gptkb:OWASP_Top_Ten
gptkbp:detects security testing tools
    web application firewalls
gptkbp:exploits trust of a website in a user's browser
gptkbp:firstDescribed 2001
gptkbp:heldBy attack vector
https://www.w3.org/2000/01/rdf-schema#label Cross-site Request Forgery
gptkbp:listedOn gptkb:CWE-352
gptkbp:mitigatedBy gptkb:CSRF_tokens
    gptkb:SameSite_cookies
    user authentication checks
gptkbp:prevention enabling SameSite cookie attribute
    user logout after session
    using anti-CSRF tokens
    verifying HTTP Referer header
gptkbp:relatedTo gptkb:Cross-site_Scripting
gptkbp:requires user authentication
gptkbp:target state-changing requests
    authenticated users
gptkbp:bfsParent gptkb:fire
gptkbp:bfsLayer 4