cross-site request forgery (CSRF)

GPTKB entity

Statements (29)
Predicate | Object
gptkbp:instanceOf | gptkb:security
gptkbp:affects | web applications
gptkbp:alsoKnownAs | gptkb:CSRF; one-click attack; session riding
gptkbp:category | cybersecurity; web application security
gptkbp:cause | data theft; privilege escalation; account compromise; unauthorized actions
gptkbp:compatibleWith | user interaction with attacker site
gptkbp:describedBy | gptkb:OWASP_Top_Ten
gptkbp:exploits | trust of a website in a user's browser
gptkbp:firstDescribed | 2001
https://www.w3.org/2000/01/rdf-schema#label | cross-site request forgery (CSRF)
gptkbp:prevention | gptkb:SameSite_cookies; user authentication; CSRF token; checking HTTP Referer header
gptkbp:relatedTo | gptkb:cross-site_scripting_(XSS); session fixation
gptkbp:requires | user authentication
gptkbp:vectorFor | malicious email; malicious website; malicious link
gptkbp:bfsParent | gptkb:Cross-site_scripting_(XSS); gptkb:Web_Application_Firewall_(WAF)
gptkbp:bfsLayer | 6