Cross-site request forgery


Cross-site request forgery, also known as a one-click attack, sidejacking or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a type of malicious exploit of websites.

Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.
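The following added example (not code from the original article) shows why a server that trusts the session cookie alone accepts a forged request, and how a per-session token that another site cannot read lets it refuse one. The session store, the request dictionaries and the names `naive_authorize` and `csrf_aware_authorize` are hypothetical stand-ins for a real web framework.

```python
import hashlib
import hmac
import secrets

# Constructed server secret and session store, for this example only.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {"sess-alice": "alice"}  # session cookie value -> user

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded only in the site's own forms."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def naive_authorize(request: dict) -> bool:
    """Trusts the cookie alone, which the browser attaches to any request."""
    return request["cookies"].get("session") in SESSIONS


def csrf_aware_authorize(request: dict) -> bool:
    """Requires the cookie plus a token a cross-site page cannot read."""
    session_id = request["cookies"].get("session")
    if session_id not in SESSIONS:
        return False
    if request["method"] not in STATE_CHANGING:
        return True  # safe methods must never change state
    supplied = request["form"].get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed requests: the browser sends the same cookie with both.
legitimate = {
    "method": "POST",
    "cookies": {"session": "sess-alice"},
    "form": {"to": "bob", "amount": "10",
             "csrf_token": issue_csrf_token("sess-alice")},
}
forged = {  # originates from another site, which has no access to the token
    "method": "POST",
    "cookies": {"session": "sess-alice"},
    "form": {"to": "mallory", "amount": "10"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", legitimate), ("forged", forged)):
        print(name, naive_authorize(req), csrf_aware_authorize(req))
```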

CSRF vulnerabilities have been known and in some cases exploited since the 1990s. Because it is carried out from the user's IP address, CSRF is untraceable. Exploits are under-reported, at least publicly, and as of 2007 there are few well-documented examples. About 18 million users of eBay's Internet Auction Co. at Auction.co.kr in Korea lost personal information in February 2008.



Posted by Desire Athow on 05 June 2008

Désiré Athow is the Content Editor for ITProportal.com and has been writing tech articles for nearly a decade. You can follow him on Twitter.

Tags: Security