cross-site request forgery (CSRF)
GPTKB entity
Statements (29)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:security
|
| gptkbp:affects |
web applications
|
| gptkbp:alsoKnownAs |
gptkb:CSRF
one-click attack session riding |
| gptkbp:category |
cybersecurity
web application security |
| gptkbp:cause |
data theft
privilege escalation account compromise unauthorized actions |
| gptkbp:compatibleWith |
user interaction with attacker site
|
| gptkbp:describedBy |
gptkb:OWASP_Top_Ten
|
| gptkbp:exploits |
trust of a website in a user's browser
|
| gptkbp:firstDescribed |
2001
|
| https://www.w3.org/2000/01/rdf-schema#label |
cross-site request forgery (CSRF)
|
| gptkbp:prevention |
gptkb:SameSite_cookies
user authentication CSRF token checking HTTP Referer header |
| gptkbp:relatedTo |
gptkb:cross-site_scripting_(XSS)
session fixation |
| gptkbp:requires |
user authentication
|
| gptkbp:vectorFor |
malicious email
malicious website malicious link |
| gptkbp:bfsParent |
gptkb:Cross-site_scripting_(XSS)
gptkb:Web_Application_Firewall_(WAF) |
| gptkbp:bfsLayer |
6
|