Security Protection Mechanisms to Safeguard Web Applications
Hello everyone! In this article, we are going to look at Cross-Site Request Forgery (CSRF) and the mechanisms that prevent it.

So, what is CSRF? It is an attack carried out in the user's web browser, where an email, a malicious URL or an instant message triggers an unwanted action in a web application in which the user is currently authenticated. The action happens without the user's consent, which lets the attacker carry out an unauthorized transaction.

How does CSRF work? There are several ways an attacker can steal information from the user. The attack can be done in either of the following ways.

· Exploiting URLs by using HTTP methods

Let's say Peter wants to deposit Rs. 10,000 to Sam's account. He signs in to his account and fills out all the details. The browser then sends a GET request carrying all the parameters, as shown below.

GET http://AbcBankingSolutions.com/deposit?account=Sam&amount=10000 HTTP/1.1

Now, t...
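As an added example that is not part of the original article, the hypothetical deposit handler below shows the two defences the request above lacks: it refuses to change state on a GET, and on a POST it requires a per-session synchronizer token that a request forged from another site cannot supply. The session store, the `deposit_handler` and `new_session` names, and the sample requests are all assumptions constructed for this illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Hypothetical in-memory session store: session id -> session data.
# A real application would keep this server-side in its session backend.
SESSIONS = {}


def new_session(user):
    """Create a session for an authenticated user with its own CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def deposit_handler(method, target, session_id, form=None):
    """Return (status, message) for the hypothetical /deposit endpoint.

    `target` is the request target (path plus query string); `form` holds the
    POST body fields. The browser sends the session cookie automatically, so
    the session id alone must never authorize a state-changing action.
    """
    session = SESSIONS.get(session_id)
    if session is None:
        return 401, "not authenticated"
    # Defence 1: state-changing actions are never performed from URL parameters.
    if method != "POST":
        params = parse_qs(urlsplit(target).query)
        return 405, f"deposit must be submitted with POST, ignoring {params}"
    form = form or {}
    # Defence 2: the synchronizer token must be present and match the session.
    # compare_digest keeps the comparison constant-time.
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    account = form.get("account", "")
    try:
        amount = int(form.get("amount", ""))
    except ValueError:
        return 400, "amount must be an integer"
    if not account or amount <= 0:
        return 400, "invalid account or amount"
    return 200, f"{session['user']} deposited Rs. {amount} to {account}"
```

A forged request from a third-party page can only take the GET or token-less POST paths, so it is rejected before any money moves.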