Get Started Book a Demo

Cross-Site Request Forgery (CSRF)

26th January 2021 | Cybrary Cross-Site Request Forgery (CSRF)


csrf cybrary

Cross-Site Request Forgery (CSRF), also known as XSRF, is an attack method that fools a web browser into performing unwanted actions in a user application. Similar to Phishing Attacks, CSRFs are typically administered using malicious social engineering, such as an email or link that tricks the victim into sending a forged request to a server. As the unsuspecting user is authenticated by their application at the time of the attack, it’s almost impossible to distinguish a legitimate request from a forged one. A successful CSRF attack can be devastating for both the business and the user. It can result in damaged business relationships, unauthorized money transfers, changed passwords, and data theft. Depending on the nature of the CSRF attack, the hacker may gain full control over the user’s account. If the compromised user has a privileged (administrator) account within the application, the attacker might be able to take full control of all the application’s data and functionality.

Source: Imperva, PortSwigger

Additional Reading: Google and Mozilla Lay Groundwork For A ‘Post-XSS World’

Related Terms: Session Hijacking Attack

What does this mean for an SMB?

Small and medium-sized businesses (SMBs) can perform a number of preventative measures to help prevent and protect your employees against CSRF attacks. From a user’s perspective, prevention is a matter of safeguarding login credentials and denying unauthorized actors access to applications.

Best practices for employees include:

  • Logging off-web applications when not in use
  • Securing usernames and passwords with 14+ character passwords stored in a Password Manager
  • Not allowing browsers to remember passwords

Best practices for companies developing code:

  • Periodically run your development code through dynamic and static code analysis tools to try and identify security issues to address.
  • Consider hiring an Application Security test firm to perform “application fuzzing” your application for security vulnerabilities.
  • Train your developers on the OWASP Top 10 programming mistakes made by developers.

To learn more about CSRF, watch this short video:

Are you doing enough to protect your business?

Sign up with CyberHoot today and sleep better knowing your

employees are cyber trained and on guard!


Sign Up Today!

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

CyberHoot Newsletter – June 2025
17th June 2025 | Blog, Newsletters

CyberHoot Newsletter – June 2025

CyberHoot June Newsletter: Stay Informed, Stay Secure Welcome to the June edition of CyberHoot’s newsletter,...

Read more
Make Phishing Training Count with HootPhish
10th June 2025 | Blog

Make Phishing Training Count with HootPhish

Stop tricking employees. Start training them. Take Control of Your Security Awareness Training with a Platform...

Read more
Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats
15th May 2025 | Advisory, Blog

Apple Alert: Critical AirPlay Vulnerabilities Expose Millions to Cyber Threats

A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...

Read more
Get Started All Posts