Cyber Security Academy · Lesson

Cross-Site Request Forgery (CSRF)

Learn how CSRF attacks forge authenticated requests and how CSRF tokens and SameSite cookies defend against them.

What is CSRF?

Cross-Site Request Forgery (CSRF) tricks an authenticated user's browser into making unauthorized requests to a web application. The browser automatically sends cookies with requests, so the server cannot distinguish legitimate from forged requests without extra measures.

How CSRF Works

Scenario:

  1. Victim is logged into bank.com (session cookie in browser)
  2. Victim visits attacker's page with: <img src="https://bank.com/transfer?to=attacker&amount=1000">
  3. Browser sends the GET request with the bank.com cookie attached
  4. Bank processes the transfer
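The lesson summary names the two standard defences, CSRF tokens and SameSite cookies. The following is an added example, not code from the Cyber Security Academy, showing how a server-side check for the `/transfer` endpoint in the scenario combines them: the session cookie is issued with `SameSite=Lax`, state changes are only accepted over POST, the `Origin` header is compared against the site's own origin, and a synchronizer token bound to the session with an HMAC must be present in the form body. `SITE_ORIGIN`, `SERVER_SECRET`, the header and form dictionaries, and the function names are all constructed for this example.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed values for this example; a real application loads them from config.
SITE_ORIGIN = "https://bank.com"
SERVER_SECRET = b"example-server-secret-not-for-production"

# Methods that may change state and therefore need CSRF protection.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie header for the session cookie.

    SameSite=Lax stops the browser attaching the cookie to cross-site POSTs
    and to embedded subresources such as the <img> tag in the scenario.
    Top-level GET navigations still carry a Lax cookie, which is one reason
    a transfer must never be reachable via GET (see transfer_allowed).
    """
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session id with an HMAC.

    Because the token is derived from the session id and a server secret, the
    server can verify it without storing a token per session. The page embeds
    this value in a hidden form field; an attacker's page cannot read it.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def transfer_allowed(method: str, headers: dict, form: dict, session_id: str) -> tuple:
    """Decide whether a request to /transfer may be processed.

    Returns (allowed, reason). Every check is deliberately strict: a missing
    Origin/Referer header is rejected rather than assumed to be same-site.
    """
    if method.upper() not in STATE_CHANGING:
        return False, "state change must not be reachable with GET"

    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False, "missing Origin/Referer header"
    parsed = urlparse(origin)
    request_origin = f"{parsed.scheme}://{parsed.netloc}"
    if request_origin != SITE_ORIGIN:
        return False, f"cross-site origin {request_origin}"

    supplied = form.get("csrf_token", "")
    expected = csrf_token(session_id)
    # compare_digest on bytes: constant-time and safe for non-ASCII input.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "constructed-session-id"
    print(session_cookie_header(sid))
    # The forged <img> request from the scenario: a GET with no token.
    print(transfer_allowed("GET", {}, {"to": "attacker", "amount": "1000"}, sid))
    # A cross-site form POST that somehow carried the cookie: wrong origin.
    print(transfer_allowed("POST", {"Origin": "https://evil.example"},
                           {"csrf_token": csrf_token(sid)}, sid))
    # The legitimate form submission rendered by bank.com itself.
    print(transfer_allowed("POST", {"Origin": SITE_ORIGIN},
                           {"csrf_token": csrf_token(sid)}, sid))
```

The checks are layered on purpose: SameSite keeps the cookie off most cross-site requests, the Origin comparison catches cases where a browser still sent it, and the token is the check that holds even if the other two are bypassed by an old browser or a misconfiguration.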
