CSRF Explanation request

Question

I don't understand CSRF very well, so could anyone please give me example for it, supposed I've example.com web page, &nbsp;
and what's the difference between CSRF &amp; cookie hijacking  or seeion hijacking.&nbsp;

nathe · Answer

Here's an example.&nbsp;
You're logged onto your banking website and you receive an email from an attacker with a link to click on. This link has a maliciously crafted request to post £100 into his account from your own account. Once you click on the link this request goes through i.e. a fraudulent, unwanted transaction.&nbsp;
Relies on pre-authenticated session already existing. Also, to the backend server it looks like a legitimate request - there's not way of distinguishing it.&nbsp;
Ways to mitigate are things like a requirement to re-enter your password when transferring money, or CAPTCHA confirmation or using Tokens. ASM can mitigate CSRF by injecting tokens into the application that can't be posted in a malicious link.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

CSRF Explanation request

1 Reply

Recent Discussions

Need help on i-rule to specific uri path

Reverse Proxy Not Behaving

F5 terminal - help to run commands - disk space full

vulnerabilities-CVE-2020-16150 & CVE-2013-0169

google autenticator broken barcode

Related Content

How To Protect Your Applications from Cross Site Request Forgery (CSRF) with F5 Distributed Cloud

Explanation of F5 DDoS threshold modes

Logging DNS Requests

Distributed caching of authentication requests with NGINX Ingress Controller

Hands-on Explanation of Kubernetes Role-Based Access Control