Cross-Site Request Forgery (CSRF) is a type of malicious exploit of a website in which attacker commands are executed on the website on behalf of an authenticated user. CSRF attacks specifically target state-changing requests, since the attacker has no way to see the response to the forged request thanks to the Same-origin Policy. Nowadays most web application frameworks offer built-in protection against CSRF attacks by forcing the use of so-called CSRF tokens. Before rendering the page that contains the form, the server generates a unique token, which is required to submit data to the server. The…
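The token flow described above, as an added example that is not code from the original post or from any particular framework: the server stores a fresh token in the session when it renders the form and rejects state-changing requests that do not echo it back. The in-memory `SESSIONS` store, the `/email` form, and all function names are assumptions made for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # not state-changing, no token required
SESSIONS = {}                              # hypothetical in-memory session store

def login(user: str) -> str:
    """Create a session and return its id (the value of the session cookie)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": None}
    return sid

def render_form(sid: str) -> str:
    """Generate a unique token, remember it in the session, embed it in the form."""
    token = secrets.token_urlsafe(32)
    SESSIONS[sid]["csrf"] = token
    return ('<form method="post" action="/email">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="email"><button>Save</button></form>')

def handle(method: str, sid: str, form: dict) -> int:
    """Return the HTTP status for a request carrying session cookie `sid`."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    if method in SAFE_METHODS:
        return 200
    expected = session["csrf"]
    submitted = form.get("csrf_token")
    # A forged cross-site request carries the cookie but cannot read the form,
    # so it has no token to submit.
    if not expected or not isinstance(submitted, str):
        return 403
    # Constant-time comparison on bytes, so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    session["email"] = form.get("email")  # the state change happens only here
    return 200

def token_from(html: str) -> str:
    """Extract the hidden token, as the user's browser does when submitting."""
    return html.split('name="csrf_token" value="')[1].split('"')[0]
```

A request that carries only the session cookie, or a token issued to a different session, gets 403 and leaves the stored e-mail address unchanged.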