
CSRF (Cross-Site Request Forgery)

ReasonJun 2023. 6. 16. 01:07

CSRF, which stands for Cross-Site Request Forgery, is a type of security vulnerability that exploits the trust a web application has in a user's browser. It occurs when an attacker tricks a victim into performing an unintended action on a web application without their knowledge or consent.


In a CSRF attack, the attacker crafts a malicious website or email that causes the victim's browser to send a specially-crafted request to the targeted web application. The attacker never needs the victim's credentials: the browser automatically attaches the victim's authentication cookies or session information to every request it makes to the application's domain, including the forged one.


When the victim accesses the attacker's website or clicks on a malicious link, the browser unknowingly sends the request to the targeted web application, authenticating it with the victim's credentials. As a result, the web application processes the request, assuming it came from the legitimate user, and performs the unintended action.


For example, imagine a banking website that allows users to transfer funds by submitting a form with the destination account and the amount. An attacker could construct a malicious webpage with a hidden form that automatically submits a transfer request to the banking website when loaded in the victim's browser. If the victim is authenticated on the banking website and visits the malicious page, the transfer request will be executed, potentially transferring funds to the attacker's account.


To prevent CSRF attacks, web applications employ various countermeasures:

  1. CSRF Tokens: Web applications can generate and include unique, unpredictable tokens in each form or request to verify the legitimacy of the request. The token is typically bound to the session or user and must be included in the request for it to be considered valid. Because the same-origin policy stops a page on the attacker's site from reading the token, attackers cannot retrieve or forge it, so their malicious requests are rejected.
  2. SameSite Cookies: Setting the SameSite attribute for cookies helps mitigate CSRF attacks. By specifying "SameSite=Strict" or "SameSite=Lax" for cookies, the browser withholds the cookies on cross-site requests, reducing the risk of CSRF attacks. Note that Lax still sends cookies on top-level navigations such as a link click or GET form submission, so state-changing actions should not be reachable via GET.
  3. Referer Header Checking: The server can examine the Referer header of incoming requests to verify that they originate from the same domain. However, this approach is not foolproof, as the Referer header can be stripped or altered by certain browser settings, privacy extensions, or proxies.
  4. CAPTCHAs: Including CAPTCHAs (Completely Automated Public Turing test to tell Computers and Humans Apart) in critical forms can prevent automated CSRF attacks by requiring users to solve a challenge to prove they are human.
  5. Logout CSRF Protection: Implementing proper logout mechanisms can protect against CSRF attacks aimed at tricking users into unknowingly logging out of a web application.

It's important for developers to implement a combination of these countermeasures and follow secure coding practices to mitigate CSRF vulnerabilities in their web applications. Additionally, users should be cautious when clicking on unfamiliar links or accessing websites with a lower level of trust, as this reduces the risk of falling victim to CSRF attacks.


https://itstory.tk/entry/CSRF-%EA%B3%B5%EA%B2%A9%EC%9D%B4%EB%9E%80-%EA%B7%B8%EB%A6%AC%EA%B3%A0-CSRF-%EB%B0%A9%EC%96%B4-%EB%B0%A9%EB%B2%95


What is a CSRF attack? And how to defend against CSRF

A CSRF attack (Cross Site Request Forgery) is one of the web application vulnerabilities in which an internet user (the victim), regardless of their own will, is made to request from a particular website an action intended by the attacker (modification, deletion, registration, etc.)

itstory.tk

more technical

https://junhyunny.github.io/information/security/spring-boot/spring-security/cross-site-reqeust-forgery/


CSRF (Cross-Site Request Forgery) attacks and defenses

junhyunny.github.io

https://owasp.org/www-community/attacks/csrf


Cross Site Request Forgery (CSRF) | OWASP Foundation

Cross Site Request Forgery (CSRF) on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.

owasp.org
