Cross-site request forgery (CSRF)
GPTKB entity
Statements (30)
Predicate | Object |
---|---|
gptkbp:instanceOf |
gptkb:security
|
gptkbp:affects |
web applications
social media platforms e-commerce sites any authenticated web service banking websites |
gptkbp:alsoKnownAs |
one-click attack
session riding |
gptkbp:canBeBypassedBy |
weak session management
|
gptkbp:category |
cybersecurity
web application security |
gptkbp:cause |
data theft
account compromise unauthorized commands |
gptkbp:describedBy |
gptkb:OWASP_Top_Ten
|
gptkbp:exploits |
trust of a website in a user's browser
|
gptkbp:firstDescribed |
2001
|
https://www.w3.org/2000/01/rdf-schema#label |
Cross-site request forgery (CSRF)
|
gptkbp:prevention |
gptkb:SameSite_cookies
user authentication CSRF token checking Referer header |
gptkbp:relatedTo |
gptkb:cross-site_scripting_(XSS)
web session management |
gptkbp:requires |
user authentication
active session |
gptkbp:vectorFor |
malicious email
malicious website |
gptkbp:bfsParent |
gptkb:HTML_Forms
|
gptkbp:bfsLayer |
5
|