Understanding CSRF Attacks
I researched web security recently as I was writing Understanding Asynchronous JavaScript — I wanted to make sure my recommendations were secure and that I'm not doing any of my students a disservice with my recommendations.
Unfortunately, articles in the security space were pretty hard to understand. Many words trigger lots of fear, uncertainty, and doubt in the articles. I get emotionally panicky when I read these articles — and I worry I may end up doing something wrong — even though the intention of these articles was good!
Many articles also don't disclose full details about CSRF, how to set up a CSRF Attack, and how to prevent a CSRF Attack, which leaves me doubtful about what I learned. I end up having to figure things out on my own.
I want to make it easier for you to understand CSRF, so I took a stab at writing an article with complete (and step-by-step) information about CSRF Attacks. I hope this article gives you the clarity and confidence you need to build secure web applications.