
Cross-site request forgery (CSRF) in Cybersecurity - Cheat Sheet & Quick Revision

Recall & Review
(beginner)
What is Cross-site request forgery (CSRF)?
CSRF is a type of cyber attack where a malicious website tricks a user's browser into performing unwanted actions on a trusted site where the user is logged in.

(beginner)
How does a CSRF attack typically work?
An attacker creates a fake request that looks legitimate and tricks the user's browser into sending it to a trusted website, causing actions like changing passwords or making purchases without the user's consent.

(intermediate)
Why is a user's login session important in CSRF attacks?
Because CSRF exploits the fact that the user is already logged into a trusted site, so the site trusts requests coming from the user's browser without verifying whether the user intended the action.

(beginner)
Name one common method to prevent CSRF attacks.
Using CSRF tokens: unique, secret values included in forms or requests that the server checks to confirm the request is genuine and intended by the user.

(intermediate)
What role does the 'SameSite' cookie attribute play in CSRF protection?
The 'SameSite' attribute restricts cookies from being sent with cross-site requests, reducing the risk that a malicious site can use the user's cookies to perform CSRF attacks.
What does CSRF stand for?
A. Cross-site request forgery
B. Cross-site resource failure
C. Cross-server request function
D. Client-side request form

Which of the following best describes a CSRF attack?
A. An attacker steals user passwords by phishing.
B. An attacker installs malware on the user's device.
C. An attacker tricks a user's browser into sending unauthorized requests to a trusted site.
D. An attacker intercepts data between two servers.

Which security measure helps prevent CSRF attacks?
A. Using strong passwords
B. Implementing CSRF tokens
C. Disabling JavaScript
D. Encrypting data in transit

Why does CSRF rely on the user being logged in to the target site?
A. Because logged-in users can change browser settings.
B. Because logged-in users have admin rights.
C. Because logged-in users can install software.
D. Because logged-in users have cookies that authenticate requests.

What does the 'SameSite' cookie attribute do to help prevent CSRF?
A. Blocks cookies from being sent with cross-site requests.
B. Allows cookies to be sent with all requests.
C. Encrypts cookies on the server.
D. Deletes cookies after each session.
Explain in your own words what a Cross-site request forgery (CSRF) attack is and why it is dangerous.
Think about how a trusted website can be tricked into doing something the user did not want.
Describe two common ways websites protect themselves against CSRF attacks.
Consider what websites check or restrict to confirm requests are genuine.