Posts Tagged ‘authorization’

Is your Web API susceptible to a CSRF exploit?

Cross-site request forgery (CSRF) is a type of security exploit where a user’s web browser is tricked by a third-party site into performing actions on websites that the user is logged into. It is often a difficult attack to pull off, as it requires a number of factors to line up at once. Protecting against it requires good discipline and good design practices, especially when it comes to protecting Web APIs.

Here’s a brief example of a fictitious CSRF attack against a bank:

(more…)