CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-352

From aldeid

CWE-352: Cross-Site Request Forgery (CSRF)

Description

CSRF (also called XSRF) attacks trick a legitimate user into sending a request to a web site transparently, without the user being aware of it.


Risk measurement

Weakness Prevalence: High
Remediation Cost: High
Attack Frequency: Often
Consequences: Data loss, Code execution
Ease of Detection: Moderate
Attacker Awareness: Medium
