CSRF Attack: Cross-Site Request Forgery Definition & Defense
A CSRF (cross-site request forgery) attack tricks authenticated users into granting malicious actors access through the authentic user's account.
During a cross-site request forgery (CSRF) attack, a hacker does something under a victim's authentication. It's a bit like a magic trick. A user logs into a website, and somehow, that person's login does all sorts of things that the person would never do willingly.
If CSRF attacks sound confusing, that's by design. These are attacks that rely on coding know-how, trickery, trust, and luck. Some say CSRF attacks are as old as the web itself. As soon as one site started making requests of another site, CSRF attacks were born.
But you can uncover and vanquish even old, sophisticated attack vectors. Read on to learn how these attacks work, and what to do (and avoid) as you pull together CSRF protection plans.
How Do CSRF Attacks Work?
In technical terms, a CSRF attack is one in which a hacker hijacks the identity and rights of a user and puts them to work to perform an undesired function. In layman's terms, a CSRF attack involv