A CSRF attack works only if a web application fails to differentiate between valid requests and forged requests. If the attacker tricks a user into clicking a malicious URL while that user already has an active session with a legitimate web application, the user's browser sends a malicious request to the legitimate web application. If the web application is not properly developed, it will treat this new request from the attacker as an authorized request submitted by the user. For this attack to occur, the attacker must first have created a malicious URL, the attacker must trick the user into clicking the malicious URL, and the user must have an active session with the legitimate web application. A CSRF token can be used to prevent this attack; it can be created for every user session and sent to the user's browser.
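The per-session token check described above, as an added example that is not code from the original page. The in-memory `SESSIONS` store, the `handle_state_change` handler and the `session` / `csrf_token` field names are hypothetical; it shows why a request that carries only the automatically attached session cookie is rejected.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session id -> per-session CSRF token.
SESSIONS = {}

def login():
    """Create a session and its CSRF token; returns (session_id, csrf_token)."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = secrets.token_urlsafe(32)
    return session_id, SESSIONS[session_id]

def is_valid_csrf(session_id, submitted_token):
    """Compare the submitted token with the one bound to this session."""
    expected = SESSIONS.get(session_id)
    if expected is None or not isinstance(submitted_token, str):
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), submitted_token.encode())

def handle_state_change(cookies, form):
    """Return an HTTP status for a state-changing POST (hypothetical handler)."""
    session_id = cookies.get("session")
    if session_id not in SESSIONS:
        return 401  # no active session
    if not is_valid_csrf(session_id, form.get("csrf_token")):
        return 403  # session cookie present, but the request was not built from our page
    return 200

def demo():
    """Constructed requests: one legitimate, three that must be refused."""
    sid, token = login()
    cookies = {"session": sid}  # the browser attaches this cookie automatically
    legit = handle_state_change(cookies, {"amount": "10", "csrf_token": token})
    # Forged request: rides the cookie but cannot include the token.
    forged = handle_state_change(cookies, {"amount": "10"})
    # Wrong token value of plausible length.
    guessed = handle_state_change(cookies, {"amount": "10", "csrf_token": "x" * 43})
    # Token issued for a different session is not accepted for this one.
    _, other_token = login()
    cross = handle_state_change(cookies, {"amount": "10", "csrf_token": other_token})
    return legit, forged, guessed, cross

if __name__ == "__main__":
    print(demo())
```
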