Difference between revisions of "Cross-site request forgery"
From Wiki @ Karl Jones dot com
Karl Jones (Talk | contribs) (Created page with "'''Cross-site request forgery''', also known as '''one-click attack''' or '''session riding''' and abbreviated as '''CSRF''' (sometimes pronounced sea-surf) or '''XSRF''', is...") |
(No difference)
|
Revision as of 09:45, 8 November 2016
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Comparison with cross-site scripting
Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
See also
- BREACH (security exploit)
- Confused deputy problem
- CRIME (security exploit)
- Cross-document messaging
- Cross-site scripting
- Heap spraying
- Replay attack
- Session fixation
- Web application security
External links
- Cross-site request forgery @ Wikipedia