Cross-Site Request Forgery (CSRF) vulnerabilities occur when attackers trick users into performing unwanted actions on websites where those users are authenticated, potentially leading to unauthorized state changes.
Cross-Site Request Forgery (CSRF) Overview
Missing CSRF Protection
Insecure Cookie Configuration
Relying Only on Request Origin
CSRF in REST APIs
Double Submit Cookie Pattern
SameSite Cookie Attribute
CSRF in Multi-Step Operations
Login CSRF
CSRF Protection in Single Page Applications
CSRF Prevention Checklist