What is CSRF (Cross-Site Request Forgery)?
An attack that tricks a logged-in user's browser into making unwanted requests to a site they are authenticated with.
Why It Matters
CSRF attacks can cause users to unknowingly perform actions like changing their password or transferring money.
Real-World Example
A malicious email containing a hidden form that submits a money transfer from the user's bank account when they open it.
“Understanding terms like CSRF (Cross-Site Request Forgery) matters because it helps you have better conversations with developers and make smarter decisions about your software. You do not need to be technical. You just need to know enough to ask the right questions.”
Related Terms
Authentication
The process of verifying who someone is, usually through a username and password
Token
A piece of data that represents your identity or permissions
XSS (Cross-Site Scripting)
A security vulnerability where attackers inject malicious scripts into web pages viewed by other users.
Authorisation
Determining what actions or data a verified user is allowed to access
OAuth
A standard that lets you log into apps using your existing accounts from Google, Facebook, or other providers
JWT (JSON Web Token)
A secure digital pass that proves who you are without needing to check the database every time