
Understanding CSRF Attacks
Learn how Cross-Site Request Forgery works, why it’s dangerous, and how to defend against it.

How Does It Work?
1. You log in to a website (e.g., bank.com)
2. You visit a malicious website in another tab
3. That site sends a hidden request to bank.com
4. Your browser executes it because you’re still logged in



Why It’s Dangerous
No malware or credentials needed
Works silently behind the scenes
Can change passwords, delete accounts, or make purchases
⚠ You may not even notice it happened until it's too late.


How to Prevent CSRF (Website Side)
Use CSRF tokens in forms
Enable SameSite cookies
Require re-authentication for sensitive actions
Validate request origins and headers
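Added example (not part of the original page): a server-side check that combines three of the defences above, a per-session CSRF token, a SameSite session cookie, and Origin/Referer validation. It assumes bank.com as the site origin (the page's example); the session id, server secret and request data are constructed here for the demo.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.com"        # assumed site origin (page's example)
SERVER_SECRET = secrets.token_bytes(32)  # constructed per-deployment key


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to the session; embed it in every state-changing form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line: SameSite=Lax keeps the cookie off cross-site POSTs."""
    return f"Set-Cookie: session={session_id}; Secure; HttpOnly; SameSite=Lax"


def is_csrf_safe(method: str, headers: dict, form: dict, session_id: str):
    """Return (allowed, reason) for one request; reject anything that fails a layer."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"          # these must never change state
    # Layer 1: the request must originate from this site.
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False, "missing Origin/Referer"
    parts = urlsplit(origin)
    if f"{parts.scheme}://{parts.netloc}" != SITE_ORIGIN:
        return False, f"cross-site origin {origin!r}"
    # Layer 2: the form must carry the token bound to this session (constant-time compare).
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "bad or missing CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "s3ss10n"  # constructed session id
    print(session_cookie_header(sid))
    good = {"csrf_token": issue_csrf_token(sid)}
    print(is_csrf_safe("POST", {"Origin": "https://bank.com"}, good, sid))
    print(is_csrf_safe("POST", {"Origin": "https://evil.example"}, good, sid))
    print(is_csrf_safe("POST", {"Origin": "https://bank.com"}, {}, sid))
```

A hidden form posted from another tab fails layer 1 (wrong Origin) and, even if the header were absent, layer 2 (no token), so the logged-in cookie alone is not enough.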