
Cross-site request forgery (CSRF) in Cybersecurity - Practice Problems & Coding Challenges

Challenge - 5 Problems
🧠 Conceptual
intermediate
Understanding the Nature of CSRF Attacks

What best describes a Cross-site request forgery (CSRF) attack?

A. An attacker floods a website with traffic to cause a denial of service.
B. An attacker intercepts and reads data sent between a user and a website.
C. An attacker injects malicious code into a website to steal user data.
D. An attacker tricks a user into submitting a request to a trusted website without their consent.
💡 Hint

Think about how the attacker uses the user's browser to perform actions.

📋 Factual
intermediate
Common Defense Mechanisms Against CSRF

Which of the following is a common and effective defense against CSRF attacks?

A. Using CAPTCHAs on all form submissions.
B. Implementing CSRF tokens that are unique per user session.
C. Encrypting all website traffic with HTTPS.
D. Blocking all cookies from being sent by the browser.
💡 Hint

Look for a method that verifies the legitimacy of requests from the user.

🔍 Analysis
advanced
Analyzing a CSRF Attack Scenario

A user is logged into their bank website. Meanwhile, they visit a malicious site that contains a hidden form that submits a money transfer request to the bank. Why does this attack succeed?

A. Because the malicious site can read the user's bank session cookies directly.
B. Because the bank website does not use HTTPS to encrypt requests.
C. Because the user's browser automatically includes the bank's cookies when submitting the hidden form.
D. Because the user manually submitted the form on the malicious site.
💡 Hint

Consider how browsers handle cookies and requests across different sites.

❓ Comparison
advanced
Comparing CSRF and XSS Attacks

Which statement correctly distinguishes CSRF from Cross-site scripting (XSS)?

A. CSRF exploits the website's trust in the user, while XSS exploits the user's trust in a website.
B. CSRF injects malicious scripts into a website, while XSS tricks users into submitting unauthorized requests.
C. CSRF attacks steal cookies directly, while XSS attacks only cause denial of service.
D. CSRF requires user interaction, while XSS does not.
💡 Hint

Think about who is being tricked in each attack type.

❓ Reasoning
expert
Evaluating CSRF Protection Effectiveness

A web application uses the 'SameSite' cookie attribute set to 'Strict' for session cookies. What is the expected impact on CSRF attacks?

A. CSRF attacks will be prevented because cookies are not sent with cross-site requests.
B. CSRF attacks will increase because 'SameSite=Strict' allows all cross-site cookies.
C. CSRF attacks will be prevented only if HTTPS is also used.
D. There will be no impact because 'SameSite' only affects cookie encryption.
💡 Hint

Consider how the 'SameSite' attribute controls cookie behavior in cross-site requests.