
XSRF

Cross-site request forgery, also known as a one-click attack, sidejacking or session riding, and abbreviated as CSRF (Sea-Surf[1]) or XSRF, is a type of malicious exploit of websites.

Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

CSRF vulnerabilities have been known and in some cases exploited since the 1990s.

Because it is carried out from the user's IP address, CSRF is untraceable.[2] Exploits are under-reported, at least publicly, and as of 2007[4] there are few well-documented examples.


Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.