DEV Community

Cover image for CSRF attack

CSRF attack

Mohammad Reza
Software Engineer at Cafe Bazaar
・1 min read

What is CSRF

CSRF attacks are also known by a number of other names, including XSRF, “Sea Surf”, Session Riding, Cross-Site Reference Forgery, and Hostile Linking. Microsoft refers to this type of attack as a One-Click attack in their threat modeling process and many places in their online documentation.
Alt Text

How to Prevent Cross-Site Request Forgery Attacks

Just add somethings that attacker doesn't know
An attacker can launch a CSRF attack when he knows which parameters and value combination are being used in a form. Therefore, by adding an additional parameter with a value that is unknown to the attacker and can be validated by the server, you can prevent CSRF attacks. Below is a list of some of the methods you can use to block cross-site request forgery attacks.

Discussion (0)