From the course: ASP.NET: Security


Cross-Site Request Forgery (CSRF)


- [Tutor] The final attack I would like to cover in this chapter is Cross-Site Request Forgery, or in short CSRF. Some people use XSRF as the abbreviation, but CSRF is just more common, so I'll stick with that. There are different approaches to Cross-Site Request Forgery, but I'll show you the most common one. The idea is that the victim is authenticated with a web application and the web application is using cookie-based authentication, meaning that every HTTP request comes with the cookie. And based on the cookie, the application authenticates and also authorizes the user. And this could be abused in the following fashion. The attacker somehow lures the victim to make an HTTP request to their site. So an HTTP request is being sent to the attacker's server, and the attacker returns an HTTP response that in turn triggers a new HTTP request, for instance by doing a redirection or with some JavaScript code that does the request. Turns out that this request goes to the web server that is…
