Testing for Cross Site Request Forgery
OWASP
OWASP Web Security Testing Guide 4.2 > 6. Session Management Testing > 6.5. Testing for Cross Site Request Forgery
ID | Link to Hackinglife | Link to OWASP | Description |
---|---|---|---|
6.5 | WSTG-SESS-05 | Testing for Cross Site Request Forgery | Determine whether it is possible to initiate requests on a user's behalf that are not initiated by the user. Conduct URL analysis and test direct access to functions without any token. |
Cross Site Request Forgery (CSRF) is a type of web security vulnerability that occurs when an attacker tricks a user into performing actions on a web application without their knowledge or consent. A successful CSRF exploit can compromise end-user data and operations when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application.
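To make the test objective concrete, the following Python is an added illustration (it is not part of the OWASP guide and not OWASP's code). It contrasts a state-changing handler that honours any request carrying the user's session, which is the "direct access to functions without any token" finding the test looks for, with a hardened handler that applies the synchronizer-token pattern and an Origin check. The handler names, the `Session` class and the `https://app.example` origin are assumptions made for this example.

```python
"""Added example: unprotected vs. token-protected state-changing endpoint."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Server-side session (assumed model). The anti-CSRF token is bound to it
    and is only ever emitted into the site's own pages, never into a URL."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def origin_allowed(headers, site_origin):
    """Secondary check: the browser-set Origin (or Referer) must match our site.
    A missing header is treated as cross-site for state-changing requests
    (strict policy chosen for this example)."""
    origin = headers.get("Origin") or headers.get("Referer")
    if not origin:
        return False
    return origin == site_origin or origin.startswith(site_origin + "/")


def change_email_unprotected(session, method, headers, form):
    """Vulnerable form: any POST that arrives with the victim's session is
    honoured, whether or not the user intended it. A WSTG-SESS-05 test that
    finds this behaviour reports a CSRF weakness."""
    if method != "POST":
        return 405, "use POST"
    return 200, f"{session.user}: email set to {form['email']}"


def change_email_protected(session, method, headers, form,
                           site_origin="https://app.example"):
    """Hardened form: require a token tied to the session (synchronizer token
    pattern) plus a matching Origin. compare_digest avoids timing leaks."""
    if method != "POST":
        return 405, "use POST"
    submitted = form.get("csrf_token", "")
    if not submitted or not hmac.compare_digest(submitted, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    if not origin_allowed(headers, site_origin):
        return 403, "cross-origin request rejected"
    return 200, f"{session.user}: email set to {form['email']}"


def simulate():
    """Replay one legitimate and one cross-site request against both handlers.
    Both requests arrive with the victim's session (the browser attaches the
    cookie automatically); only the legitimate one knows the token and comes
    from the site's own origin. Inputs are constructed for the example."""
    victim = Session(user="alice")
    legit_headers = {"Origin": "https://app.example"}
    legit_form = {"email": "alice@example.test", "csrf_token": victim.csrf_token}
    cross_headers = {"Origin": "https://other.example"}   # a form posted from elsewhere
    cross_form = {"email": "changed-without-consent@example.test"}

    return {
        "unprotected_cross_site": change_email_unprotected(
            victim, "POST", cross_headers, cross_form)[0],
        "protected_cross_site": change_email_protected(
            victim, "POST", cross_headers, cross_form)[0],
        "protected_legit": change_email_protected(
            victim, "POST", legit_headers, legit_form)[0],
        "protected_get": change_email_protected(
            victim, "GET", legit_headers, legit_form)[0],
        # Defence in depth: even a request carrying a valid token is refused
        # when it does not originate from the site itself.
        "protected_bad_origin_with_token": change_email_protected(
            victim, "POST", cross_headers, dict(legit_form))[0],
    }


if __name__ == "__main__":
    for name, status in simulate().items():
        print(f"{name}: {status}")
```

When reviewing an application, the unprotected handler's behaviour is what to look for: a state-changing request that succeeds with nothing but the session cookie. The protected variant shows the two properties to verify during the test, that a per-session secret is required and that the server checks where the request came from.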