Which of the following is correct for a CSRF attack?
1. It tricks the user into sending a malicious request to the server.
2. Cookies can be used in a CSRF attack.
3. Both 1 and 2
4. None of the above
Answers
Answered by
5
HELLO DEAR,
Option (3) Both 1 and 2.
CSRF (cross-site request forgery) is an example of a confused attack against their browser, because their browser is tricked into summary for GET request by a less-privileged attacker. As a quick review, CSRF exists because web applications trust the cookies in the web browser within an HTTP request.
The cookies contain the CSRF token, sent by the server. The legitimate client must read the CSRF token out of the cookies.
I HOPE IT HELPS YOU DEAR,
THANKS.
Answered by
2
Both statements 1 and 2 are correct for a CSRF attack.
- The CSRF attack is also known as Cross-Site Request Forgery.
- It is a critical attack inadvertently causing an end user to employ web applications where they are already authenticated to allegedly perform unauthorized actions.
- An attack allows following requests that alter the state drastically, such as the transfer of funds or the change of addresses.
- The extensive use of a cookie to typically provide the client with the CSRF token does not allow a successful attack, as the attacker is unable to follow the cookie's value and thus can't place it where it is necessary for server-side validation.
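
The cookie-plus-token check that both answers describe, as an added example that is not part of either answer: the server accepts a state-changing request only when the token in the cookie is also copied into a request header. The `session` and `csrf_token` cookie names, the `X-CSRF-Token` header and `SERVER_KEY` are assumptions, and binding the token to the session with an HMAC goes a step beyond the plain cookie comparison the answers mention.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

SERVER_KEY = secrets.token_bytes(32)  # assumption: secret that never leaves the server
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # these must never change state


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Return 'nonce.mac'; the MAC ties the token to one session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())


def request_allowed(method: str, headers: dict) -> bool:
    """Decide whether the server should process this request."""
    if method in SAFE_METHODS:
        return True
    cookies = SimpleCookie(headers.get("Cookie", ""))
    if "session" not in cookies or "csrf_token" not in cookies:
        return False
    cookie_token = cookies["csrf_token"].value
    header_token = headers.get("X-CSRF-Token", "")
    # The browser attaches cookies to cross-site requests by itself, so the
    # cookie alone proves nothing; the header copy must match it exactly.
    if not hmac.compare_digest(cookie_token.encode(), header_token.encode()):
        return False
    return token_is_valid(cookies["session"].value, cookie_token)


# Constructed sample requests (not taken from the page).
SESSION = "s3ss10n-constructed"
TOKEN = issue_csrf_token(SESSION)
COOKIE = f"session={SESSION}; csrf_token={TOKEN}"
legitimate = {"Cookie": COOKIE, "X-CSRF-Token": TOKEN}  # same-origin script read the cookie
forged = {"Cookie": COOKIE}  # cross-site form post: cookies ride along, header is absent
```
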