From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 1 Security Concepts and Network Security

Cross-site request forgery

- [Instructor] Cross-site request forgery, or CSRF, is a way that attackers can force a trusted user to perform unauthorized and unintended actions. You may also see these attacks referred to as Session Riding, where an innocent user with a trusted and established session is fooled into performing actions that they did not intend. These actions include things like changing their associated email address or password for an account or making a bank transfer. These attacks typically affect applications or websites where HTTP requests are sent to a target. As an example of a CSRF action, let's talk about an unauthorized bank transfer. Here, we see what might be a typical GET request for a bank transfer. The attacker would definitely have interest in this action, which is a privileged action, based on the trusted user session. The attacker would not be able to send this GET request to the bank on their own. They rely on having a trusted user session established in order for this to work…
