CSRF (Cross-Site Request Forgery, aka one-click attack) is an attack that tricks a web browser into performing an unwanted action within an application, which a victim is logged into. If a victim visits a website created by an attacker, a request is sent secretly on behalf of a user to another server that performs a malicious action.

To make this attack possible, a victim has to be authenticated on the server to which the request is sent. This request should not require any confirmation, which can’t be ignored or tampered with an attacking script.

A forged request is sent to…


Hacktory are professional AppSec, Red and Blue Teams developing their game-based cybersecurity educational platform https://hacktory.ai/

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store