From the course: PHP: Creating Secure Websites


Cross-site request forgery (CSRF)


- [Instructor] In this movie, we'll learn how to use PHP to protect against cross-site request forgery, which is also known as CSRF. Cross-site request forgery is when a hacker tricks a user into making a request to a third-party website. In this case, your website. They can do it to generate fraudulent requests, requests that the user did not intend to make. But most concerning, it can take advantage of a user's logged-in state to perform privileged actions. Let's take a look at an example from the user's point of view. Imagine that you, as a user, are logged into your bank account. And once you're done with your banking, you navigate away from the window, but you don't actually click log out. That means your logged-in session with the bank is still open. The bank doesn't know that you've moved on to other websites. As far as they're concerned, you may click another link at any moment to perform another action. As you…
