CSRF stands for Cross-site request forgery.
CSRF is also used as an abbreviation in defences against CSRF attacks,
such as techniques that use header data, form data, or cookies, to test
for and prevent such attacks.
The app must send a request header called X-CSRF-Token with the value fetch in this call. The server generates a token, stores it in the user's session table, and sends the value in the X-CSRF-Token HTTP response header.
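The token exchange described above, as an added Python example that is not from the original post: the server issues a token on a fetch request, stores it in the session, and rejects state-changing requests whose X-CSRF-Token header does not match. The handle function, the in-memory SESSIONS dict standing in for the session table, the 403 status for a rejected request, and the session ids are assumptions made for illustration.

```python
import hmac
import secrets

# Assumption: an in-memory dict stands in for the user's session table.
SESSIONS = {}  # session id -> {"csrf": token}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def handle(method, headers, session_id):
    """Process one request; return (status, response_headers)."""
    session = SESSIONS.setdefault(session_id, {})
    sent = headers.get("X-CSRF-Token", "")
    if method in SAFE_METHODS:
        if sent.lower() == "fetch":
            # Token fetch: generate, store in the session, send in the header.
            session["csrf"] = secrets.token_urlsafe(32)
            return 200, {"X-CSRF-Token": session["csrf"]}
        return 200, {}
    # State-changing request: the header must carry this session's token.
    # A forged cross-site request rides the session cookie but cannot read
    # the response header that delivered the token, so it fails this check.
    expected = session.get("csrf")
    if not expected or not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403, {}
    return 200, {}


def demo():
    sid = "session-A"  # constructed session id
    _, resp = handle("GET", {"X-CSRF-Token": "fetch"}, sid)
    token = resp["X-CSRF-Token"]
    return {
        "with_token": handle("POST", {"X-CSRF-Token": token}, sid)[0],
        "forged_no_header": handle("POST", {}, sid)[0],
        "wrong_token": handle("POST", {"X-CSRF-Token": "guess"}, sid)[0],
        "other_session": handle("POST", {"X-CSRF-Token": token}, "session-B")[0],
    }


if __name__ == "__main__":
    print(demo())
```

The comparison uses hmac.compare_digest so that the check does not leak how many leading characters of a guessed token were correct.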
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are submitted from a user that the web application trusts.
Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site,
CSRF exploits the trust that a site has in a user's browser.
Source: https://en.wikipedia.org/wiki/Cross-site_request_forgery