Cross-site request forgery (CSRF)

GPTKB entity

Statements (30)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | gptkb:security |
| gptkbp:affects | web applications |
| gptkbp:affects | social media platforms |
| gptkbp:affects | e-commerce sites |
| gptkbp:affects | any authenticated web service |
| gptkbp:affects | banking websites |
| gptkbp:alsoKnownAs | one-click attack |
| gptkbp:alsoKnownAs | session riding |
| gptkbp:canBeBypassedBy | weak session management |
| gptkbp:category | cybersecurity |
| gptkbp:category | web application security |
| gptkbp:cause | data theft |
| gptkbp:cause | account compromise |
| gptkbp:cause | unauthorized commands |
| gptkbp:describedBy | gptkb:OWASP_Top_Ten |
| gptkbp:exploits | trust of a website in a user's browser |
| gptkbp:firstDescribed | 2001 |
| https://www.w3.org/2000/01/rdf-schema#label | Cross-site request forgery (CSRF) |
| gptkbp:prevention | gptkb:SameSite_cookies |
| gptkbp:prevention | user authentication |
| gptkbp:prevention | CSRF token |
| gptkbp:prevention | checking Referer header |
| gptkbp:relatedTo | gptkb:cross-site_scripting_(XSS) |
| gptkbp:relatedTo | web session management |
| gptkbp:requires | user authentication |
| gptkbp:requires | active session |
| gptkbp:vectorFor | malicious email |
| gptkbp:vectorFor | malicious website |
| gptkbp:bfsParent | gptkb:HTML_Forms |
| gptkbp:bfsLayer | 5 |