{"id":49167,"date":"2023-10-12T16:06:37","date_gmt":"2023-10-12T14:06:37","guid":{"rendered":"https:\/\/cyberant.com\/what-is-cross-site-request-forgery-csrf\/"},"modified":"2023-11-09T11:42:01","modified_gmt":"2023-11-09T10:42:01","slug":"what-is-cross-site-request-forgery-csrf","status":"publish","type":"post","link":"https:\/\/cyberant.com\/en\/what-is-cross-site-request-forgery-csrf\/","title":{"rendered":"What is cross-site request forgery (CSRF)?"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lnn0vm8h-67952b682b009e2aeaf9fcb7ed2a218d\">\n#top .av_textblock_section.av-lnn0vm8h-67952b682b009e2aeaf9fcb7ed2a218d .avia_textblock{\nfont-size:40px;\n}\n<\/style>\n<section  class='av_textblock_section av-lnn0vm8h-67952b682b009e2aeaf9fcb7ed2a218d '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><h1>What is cross-site request forgery (CSRF)?<\/h1>\n<\/div><\/section>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-vgjsuh-10531188daa1201c1bc5e9a5d0259ca4\">\n#top .hr.hr-invisible.av-vgjsuh-10531188daa1201c1bc5e9a5d0259ca4{\nheight:30px;\n}\n<\/style>\n<div  class='hr av-vgjsuh-10531188daa1201c1bc5e9a5d0259ca4 hr-invisible  avia-builder-el-1  el_after_av_textblock  el_before_av_textblock '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lnn94msl-112e1d60d487d97d387db7f0261dd9ea\">\n#top .av_textblock_section.av-lnn94msl-112e1d60d487d97d387db7f0261dd9ea .avia_textblock{\nfont-size:16px;\n}\n<\/style>\n<section  class='av_textblock_section av-lnn94msl-112e1d60d487d97d387db7f0261dd9ea '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p><span class=\"lead\">Cross-site request 
forgery (CSRF) is a type of security vulnerability that allows attackers to trick users into performing actions they did not intend. This is done by making a request on behalf of the (logged-in) user without the user&#8217;s knowledge or consent.<\/span><\/p>\n<p><img decoding=\"async\" class=\"wp-image-49165 size-featured_large\" src=\"https:\/\/cyberant.com\/wp-content\/uploads\/2023\/10\/Cross-site-request-forgery-kennisbank-artikel-1180x630.jpg\" alt=\"\" width=\"1180\" height=\"630\"><\/p>\n<p>CSRF attacks often involve tricking the user into clicking on a malicious link or visiting a malicious website. Once the user is on the site, the attacker can use the user&#8217;s existing session information to make requests on the user&#8217;s behalf, potentially allowing the attacker to steal sensitive information or perform actions that the user did not intend.<\/p>\n<p>A common example of a CSRF attack is an attacker sending a malicious email to a user containing a link that appears to be legitimate. When the user clicks on the link, the user is redirected to a website operated by the attacker, where the attacker can use the user&#8217;s existing session information to perform actions on the user&#8217;s behalf, such as changing a password.<\/p>\n<p>To prevent CSRF attacks, it is important for websites to implement proper security measures. These can include using unique, unpredictable tokens for each request (called CSRF tokens), checking the HTTP Referer header to verify that the request comes from a trusted source, and implementing strict security policies for handling sensitive actions.<\/p>\n<p>It is also important that users exercise caution when clicking on links and visiting websites, especially if they are unsure of the source or legitimacy of the link. 
By taking these precautions, users can protect themselves and their information from misuse by attackers.<\/p>\n<div class=\"text-center\">\n<div class=\"post-thumbnail\"><\/div>\n<\/div>\n<\/div><\/section>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":49166,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[195,216],"tags":[289,183,184,190,186,194,291,188],"class_list":["post-49167","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacken","category-knowledge-base","tag-csrf-attacks","tag-cyberaanval-en","tag-cyberrisk-en","tag-datalekken-en","tag-it-infrastructuur-beschermen-en","tag-pentest-en","tag-security-breach","tag-vulnerability-management-en"],"_links":{"self":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/49167","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/comments?post=49167"}],"version-history":[{"count":0,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/posts\/49167\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media\/49166"}],"wp:attachment":[{"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/media?parent=49167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/categories?post=49167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberant.com\/en\/wp-json\/wp\/v2\/tags?post=49167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}