Computer Science, asked by vipinbsr81, 6 months ago

Q:2. One of the ways to prevent CSRF attack is that you should use _____ validation.



1. Referrer

2. CSRF token

3. Browser

4. Both 1 and 2



Answer:- Both 1 and 2

Reason:- Cross site request forgery (CSRF), also known as XSRF, Sea Surf or Session Riding, is an attack vector that tricks a web browser into executing an unwanted action in an application to which a user is logged in. A successful CSRF attack can be devastating for both the business and user.
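An added example, not part of the original question or answers: a server-side check that applies both validations named in the answer, the request's Origin/Referer header and a session-bound CSRF token. The origin `shop.example`, the in-memory key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions for this example: the site's own origin and a per-deployment secret.
TRUSTED_ORIGIN = ("https", "shop.example", 443)
SERVER_KEY = secrets.token_bytes(32)

def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id: str) -> str:
    """Token embedded in each form: random nonce plus an HMAC binding it to the session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"

def token_is_valid(session_id: str, token) -> bool:
    nonce, sep, mac = (token or "").partition(".")
    if not sep:
        return False
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())

def source_is_trusted(headers: dict) -> bool:
    """Check Origin, falling back to Referer (HTTP's spelling of 'referrer')."""
    value = headers.get("Origin") or headers.get("Referer")
    if not value:
        return False  # strict policy: reject when neither header is present
    try:
        parts = urlsplit(value)
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    except ValueError:
        return False
    # Compare parsed scheme, host and port; a substring match on the URL
    # would accept look-alike hosts such as shop.example.evil.test.
    return (parts.scheme, parts.hostname, port) == TRUSTED_ORIGIN

def allow_request(method: str, headers: dict, session_id: str, form_token) -> bool:
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must never change state
    return source_is_trusted(headers) and token_is_valid(session_id, form_token)
```

Requiring both checks means a forged request fails if either the header or the token is wrong; whether to reject requests that carry neither header is a policy choice, and this example takes the strict option.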

Answers

Answered by sasmi1417
2

Answer:

Cross-site request forgery attacks (CSRF or XSRF for short) are used to send malicious requests from an authenticated user to a web application. The attacker can’t see the responses to the forged requests, so CSRF attacks focus on state changes, not theft of data. Successful CSRF attacks can have serious consequences, so let’s see how CSRF works and how you can prevent it.

Explanation:

Legitimate Cross-Site Requests

When you are browsing a website, it is common for that website to request data from another website on your behalf. For example, in most cases, a video that is shown on a website is not typically stored on the website itself. The video appears to be on the website but is actually being embedded from a video streaming site such as YouTube. That’s the idea behind Content Delivery Networks (CDNs), which are used to deliver content faster. Many websites store scripts, images, and other bandwidth-hungry resources on CDNs, so during browsing, images and script files are downloaded from a CDN source rather than the website itself.

Answered by aditijaink283
0

Answer:

Malicious requests can be sent from a logged-in user to a web application using cross-site request forgery (CSRF or XSRF) attacks. CSRF attacks concentrate on state changes rather than data theft because the attacker cannot see the responses to the falsified requests. Let's look at how CSRF operates and how you may avoid it as successful CSRF attacks can have negative effects.

Explanation:

Cross-Site Requests That Are Valid

It is typical for a website to request data from another website while you are accessing that website. As an illustration, a video displayed on a website is often not saved on the website itself. The video is actually being embedded from a video streaming website like YouTube even though it appears to be on the website. Content Delivery Networks (CDNs), which are used to distribute content more quickly, are designed with such in mind. When a user browses a website, images and script files are downloaded from a CDN provider rather than the website itself because many websites store scripts, photos, and other bandwidth-intensive content on CDNs.

Hence, malicious requests can be sent from a logged-in user to a web application using cross-site request forgery (CSRF or XSRF) attacks. CSRF attacks concentrate on state changes rather than data theft because the attacker cannot see the responses to the falsified requests. Let's look at how CSRF operates and how you may avoid it as successful CSRF attacks can have negative effects.
