Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a web security vulnerability that tricks a web browser into executing an unwanted action on a trusted site for which the user is currently authenticated. CSRF attacks exploit the trust that a site has in a user’s browser, potentially leading to unauthorized transactions, changes in user settings, or data theft. Protecting against CSRF requires the implementation of anti-CSRF tokens, same-site cookies, and re-authentication for sensitive actions, ensuring that requests are intentionally and consciously made by the user.