Cross-site request forgery (CSRF)
Software is written in a manner that it doesn’t accept cross-site requests?
Cross-site request forgery is an attack in which a JavaScript payload or link hosted on a third-party site causes the victim's browser to send requests to the targeted website on the user's behalf, with the user's session cookies attached automatically by the browser.
The malicious third-party site loads JavaScript (or a hidden form or image) that makes requests to the target site where the user is currently logged in, so the target cannot distinguish them from requests the user intended to make.
The software should be written using a framework which rejects HTTP POST submissions that do not carry a valid CSRF token. Any state-changing action (login, create, modify, delete) should not be reachable via an HTTP GET request.
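The token check described above, as an added example that is not code from the original page: a minimal request handler that issues a per-session CSRF token, rejects state-changing requests that lack it, and refuses to perform the state change over GET at all. The session store, the /transfer and /balance paths and the form field names are constructed for this example.

```python
import hmac
import secrets

# In-memory session store, constructed for this example; a real application
# would keep the token in its server-side session backend.
SESSIONS = {}

# Methods on which a state change is permitted; GET is deliberately excluded.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def new_session():
    """Log a user in: create a session with a fresh, unguessable CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32), "balance": 100}
    return sid


def csrf_token_for(sid):
    """Token the site embeds in its own forms (hidden field) or request header.
    A third-party origin cannot read it because of the same-origin policy."""
    return SESSIONS[sid]["csrf_token"]


def handle_request(method, path, cookies, form):
    """Dispatch one request. Returns (status, body)."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "not logged in"

    if path == "/transfer":
        # State-changing action: never honour it via GET (a link or <img>
        # on a third-party page would otherwise suffice to trigger it).
        if method not in STATE_CHANGING:
            return 405, "method not allowed"
        # The browser attaches the cookie automatically on a forged request,
        # but only a form rendered by this site carries the matching token.
        submitted = form.get("csrf_token", "")
        expected = session["csrf_token"]
        if not hmac.compare_digest(submitted.encode(), expected.encode()):
            return 403, "CSRF token missing or invalid"
        session["balance"] -= int(form["amount"])
        return 200, "transferred " + form["amount"]

    if path == "/balance" and method == "GET":
        return 200, str(session["balance"])

    return 404, "not found"
```

A forged request from another origin carries the session cookie but not the token, so it is rejected before any state changes; the comparison is constant-time so the token cannot be recovered by timing.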
Related incidents:
Links: