Tackling cross-site request forgery (CSRF) on company websites

Read the original article: Tackling cross-site request forgery (CSRF) on company websites


Everyone with half a mind for security will tell you not to click on links in emails, but few people can explain exactly why you shouldn’t do that (they will usually offer a canned ‘hackers can steal your credentials if you do’ explanation). Cross-Site Request Forgery (CSRF) is that reason. Clicking on that link means that an attacker can fake any user-supplied input on a site and make it indistinguishable from a user doing it …

The post Tackling cross-site request forgery (CSRF) on company websites appeared first on Help Net Security.

