CSRF


(Cross-Site Request Forgery) An online forgery that requires knowledge of which Internet-based institutions a person deals with. It is used to steal money or obtain valuable data such as credit card numbers. Also called an "XSRF," "sea surf" and "confused deputy attack," the CSRF is embedded in a fake link or bogus script on a Web page. In either case, the browser executes a malicious transaction such as a wire transfer to the cybercrook's bank.

The CSRF exploit only works if the user is already logged onto the institution's website that is being targeted or has recently logged on, in which case a stored cookie used for authentication may still be active. See XSS.
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
References in periodicals archive
With nearly half of web apps containing both informational and low security vulnerability risk level such as Insecure Direct Object Reference and Cross-Site Request Forgery (CSRF), it's just like leaving your wallet or unlocked phone lying around in a public place.
Robust Defenses for Cross-Site Request Forgery, Proceedings of the 15th ACM Conference on Computer and Communications Security, 75-88.
Figure 4 shows an example of identification tree for cross-site request forgery (CSRF) threats.
As for server side vulnerabilities, some of the biggest exploits so far in 2013 have included cross-site scripting, cross-site request forgery, broken authentication systems.
Cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection (SQLi) and authentication bypass vulnerabilities will qualify for bounties, the amount of which will be decided by the PayPal security team on a case-by-case basis.