Cross Site Request Forgery
Variants:
Direct
Also Known As:
XSRF, Session Riding
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Anti-CSRF, Anti-Automation
Invented In:
13/07/2001
Added In:
17/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Malicious 3rd party websites can perform operations on behalf of users that surf other websites simultaneously, by referring the unsuspecting users to links in the external web site that perform operations on his behalf while the user is authenticated to the target website.
