Cross-Site Request Forgery (CSRF)
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
Overview
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.
CSRF attacks specifically target state-changing requests, not theft窃取 of data, since the attacker has no way to see the response to the forged伪造的 request.
With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.
If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.
If the victim is an administrative account, CSRF can compromise(因行为不当)使陷入危险 the entire web application.
最新文章
- sphinx 配置文件全解析
- 深入理解JVM内幕:从基本结构到Java 7新特性
- iOS学习30之UITableView编辑
- 输入参数是NSDate,输出结果是星期几的字符串
- 数位DP之小小结
- 1202: [HNOI2005]狡猾的商人 - BZOJ
- 简单的虚拟摇杆控制移动(NGUI)
- 关于双11过后MATLAB许可过期问题的解决方案
- 请注意写代码的习惯与态度(Java)
- MongoDB 安装与配置
- 基金 、社保和QFII等机构的重仓股排名评测
- 补充:MySQL整理
- Coablt strike官方教程中文译版本
- Android 利用二次贝塞尔曲线模仿购物车加入物品抛物线动画
- 转 这种方法可以免去自己计算大文件md5 的麻烦
- muduo学习笔记(二)Reactor关键结构
- android studio Gradle Build速度加快方法
- IIS字体文件添加MIME映射
- 胡思乱想 & 胡言乱语
- sql表设计