
Testing for Cross Site Request Forgery

Source: OWASP Web Security Testing Guide 4.2 > 6. Session Management Testing > 6.5. Testing for Cross Site Request Forgery

ID: 6.5
Link to Hackinglife: WSTG-SESS-05
Link to OWASP: Testing for Cross Site Request Forgery
Description:
- Determine whether it is possible to initiate requests on a user's behalf that are not initiated by the user.
- Conduct URL analysis; check for direct access to functions without any token.

Cross Site Request Forgery (CSRF) is a type of web security vulnerability that occurs when an attacker tricks a user into performing actions on a web application without their knowledge or consent. It works because the browser automatically attaches the user's session credentials (cookies, HTTP authentication) to requests triggered from another site, so the application cannot tell a forged request from a genuine one unless it checks something the attacker cannot supply. A successful CSRF exploit can compromise end user data and operations when it targets a normal user. If the targeted end user is the administrator account, a CSRF attack can compromise the entire web application.
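As an added illustration of the "direct access to functions without any token" objective above (example code written for these notes, not part of the OWASP guide): a constructed in-memory money-transfer handler in its token-less form beside a version that requires a per-session synchronizer token, and a small replay that sends the same forged form to both. The stores, handler names and form fields are assumptions, not any real framework's API.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for a session store and an
# account table (assumption: a minimal toy app, not any real framework).
SESSIONS = {}  # session_id -> {"user": ..., "csrf_token": ...}
BALANCES = {"alice": 100, "bob": 0}

def new_session(user):
    """Log a user in and bind a fresh, unguessable CSRF token to the session."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def _apply_transfer(session, form):
    amount = int(form["amount"])
    BALANCES[session["user"]] -= amount
    BALANCES[form["to"]] += amount
    return "200 ok"

def transfer_vulnerable(cookie_sid, form):
    """State change authorised by the session cookie alone; the browser sends
    that cookie on a cross-site POST too (the 'function without any token' case)."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    return _apply_transfer(session, form)

def transfer_protected(cookie_sid, form):
    """Same action, but the form must also carry the session's CSRF token.
    A cross-site page cannot read that token, so a forged request fails
    before any state changes."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return "401 not logged in"
    sent = form.get("csrf_token", "").encode()
    # Constant-time comparison so the check does not leak token bytes.
    if not hmac.compare_digest(sent, session["csrf_token"].encode()):
        return "403 csrf token missing or invalid"
    return _apply_transfer(session, form)

def simulate():
    """Replay one token-less form (all a cross-site page can send) against
    both handlers, then a genuine tokened form against the protected one."""
    sid = new_session("alice")
    forged = {"to": "bob", "amount": "25"}
    results = (transfer_vulnerable(sid, forged), transfer_protected(sid, forged))
    genuine = dict(forged, csrf_token=SESSIONS[sid]["csrf_token"])
    return results + (transfer_protected(sid, genuine),)
```

The first result shows the forged request succeeding against the token-less handler, which is exactly the finding this test case reports; the second shows the same request rejected once a token is required.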

See my notes

Last update: 2024-04-02
Created: December 26, 2023 19:00:18