A CSRF attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim. The malicious code is often not on the attacked site. This is why it is called “Cross Site”.
Continue reading “Tech Terminology Demystified – Cross Site Request Forgery”