Complete the code to identify the type of attack described.
An attack where unauthorized commands are transmitted from a user that the web application trusts is called [1].
Cross-site request forgery (CSRF) tricks a user into submitting unwanted actions on a web application where they are authenticated.
Complete the code to describe a common defense against CSRF.
A common defense against CSRF attacks is to use a [1] token that is unique to each user session.A CSRF token is a secret, unique value sent with requests to verify the request is legitimate.
Fix the error in the description of CSRF protection.
To protect against CSRF, the server should check if the request includes a valid [1] token matching the user's session.
The server verifies the CSRF token to ensure the request is from the legitimate user.
Fill both blanks to complete the explanation of how CSRF tokens work.
The server generates a [1] token and includes it in the [2] form to verify legitimate requests.
The CSRF token is a secret value included as a hidden field in forms to validate requests.
Fill all three blanks to complete the code snippet that checks CSRF token validity.
if request.method == 'POST' and request.form.get('[1]') == session.get('[2]'): process_request() else: raise [3]('Invalid CSRF token')
The code compares the CSRF token from the form with the one stored in the session. If they don't match, it raises a security error.