What is the threat posed by XSRF to my website

Asked By Barbara Rothermal 0 points N/A Posted on - 12/06/2014

What is Cross Site request Forgery (XSRF)? How is it different from Cross Site Scripting (XSS)? Could you please explain XSRF with an example? What is login CSRF? How can one defend against CSRF attacks. As a website admin, what can I do to protect by website from an XSRF attack?

 

• Status: Open
• Question Views: 666
• Answer Count: 1
• Vote Up 0 Vote Down

• Answer Accepted: No
• Question Category: Misc Security

Answered By Sharath Reddy 590495 points N/A #145187

What is the threat posed by XSRF to my website

CSRF or generally termed as Cross-Site Request Forgery is an attack that forces or drives an end user to perform unwanted actions in a web application where he or she is currently authenticated. It is also known as one-click attack or session riding. It is a kind of malicious exploit of a website wherein unauthorized commands are being sent from a user that the website trusts.

It deceives the victim into sending a malicious request. The request is malicious, in the sense that it takes over the privileges and identity of the victim to execute an unwanted function on the victim’s behalf. For the majority of the websites, browser requests will automatically contain some credentials related to the site like the session cookie of the user, Windows domain credentials, IP address, and others.

For that reason, if the user is presently authenticated to the site, it is impossible for the site to recognize the forged request sent by the victim from a genuine request sent by the victim.

About Sharath Reddy

Questions
1

Answers
14599

Best Answers
2290

• Vote Up 0 Vote Down

• Posted on - 12/07/2014
• Question Category: Misc Security