Security Glossary

Definition

CSRF

What is Cross-Site Request Forgery?

An attack that tricks an authenticated user's browser into submitting an unauthorized request to a web application the user is currently logged in to. Because the request originates from the legitimate user's browser, the browser automatically attaches the user's valid session credentials, allowing the attacker to perform state-changing actions — such as fund transfers, email changes, or account deletions — without the victim's knowledge. CSRF is mitigated by anti-forgery tokens and the SameSite cookie attribute.
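The two mitigations named above, as an added example that is not part of the glossary entry: a per-session synchronizer (anti-forgery) token checked on a state-changing POST, and a session cookie issued with SameSite=Lax together with a simplified model of when a browser attaches such a cookie. The handler, the secret key, and the request dictionaries are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SECRET_KEY = secrets.token_bytes(32)  # assumed server-side secret, generated at startup

def issue_csrf_token(session_id: str) -> str:
    """Per-session anti-forgery token to embed in every state-changing form."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def csrf_token_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Constant-time check that the submitted token matches this session's token."""
    if not submitted:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value; SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"

def browser_sends_cookie(set_cookie: str, cross_site: bool, method: str, top_level: bool) -> bool:
    """Simplified SameSite rule: does the browser attach this cookie to the request?"""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    mode = next((a.split("=", 1)[1] for a in attrs if a.startswith("samesite=")), "lax")
    if not cross_site or mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: only top-level navigations with a safe method carry the cookie
    return top_level and method.upper() in ("GET", "HEAD", "OPTIONS")

def handle_transfer(request: dict) -> tuple:
    """Simulated POST /transfer: the cookie authenticates, the token proves intent."""
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "no session"
    if not csrf_token_valid(session_id, request.get("form", {}).get("csrf_token")):
        return 403, "missing or invalid anti-forgery token"
    return 200, "transferred " + request["form"]["amount"]

def forged_request(session_id: str) -> dict:
    """Constructed cross-site form post: it may carry the victim's cookie but not the token."""
    return {"cookies": {"session": session_id}, "form": {"amount": "1000"}}
```

Without SameSite, the forged post still reaches the handler with the cookie and is stopped only by the token check; with SameSite=Lax the browser never attaches the cookie to the cross-site POST in the first place.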
