Cross-Site Request Forgery (CSRF)
Medium

CSRF tricks the victim into submitting a malicious request to a website where they're authenticated.

Attack Overview
Key information about Cross-Site Request Forgery (CSRF)

Common Tools:

  • OWASP ZAP
  • Burp Suite (CSRF PoC generator)
  • XSRFProbe
  • CSRFTester

Difficulty
Medium
Primary Targets

Web applications, databases, authentication systems

OWASP Top 10

Ranked in the OWASP Top 10 Web Application Security Risks