Understanding Cross‑Site Request Forgery (CSRF): Theory, Attacks, and Defenses
Table of Contents

1. Introduction
2. What Is CSRF?
3. A Brief History of CSRF
4. How CSRF Works – The Mechanics
5. Common Attack Vectors
   5.1 GET‑based CSRF
   5.2 POST‑based CSRF
   5.3 JSON & AJAX CSRF
   5.4 CSRF via CORS Misconfiguration
6. Real‑World CSRF Incidents
7. Defensive Strategies
   7.1 Synchronizer Token Pattern (CSRF Token)
   7.2 Double‑Submit Cookie
   7.3 SameSite Cookie Attribute
   7.4 Origin & Referer Header Validation
   7.5 Custom Request Headers & Content‑Type Checks
   7.6 CAPTCHA & Interaction‑Based Mitigations
8. Implementation Examples Across Frameworks
   8.1 Node.js / Express
   8.2 Python / Django
   8.3 Java / Spring MVC
   8.4 ASP.NET Core
9. Testing & Verification
10. Best‑Practice Checklist
11. Future Directions & Emerging Trends
12. Conclusion
13. Resources

Introduction

Cross‑Site Request Forgery (CSRF) remains one of the most insidious web‑application vulnerabilities despite having been well understood for well over a decade. Unlike injection attacks, which exploit how the server parses attacker‑controlled input, CSRF exploits the trust a web application places in the victim's browser: the browser attaches the session cookie (and other ambient credentials such as HTTP Basic Auth or a client certificate) to every request bound for the application, regardless of which site initiated that request. An attacker therefore only has to trick the victim's browser into issuing a state‑changing request (transferring money, changing an email address, deleting a record), and the victim's credentials ride along automatically. Credentials that a page's own script must add explicitly, such as a bearer token in an Authorization header, are not attached this way, which is why cookie‑based sessions are the usual CSRF target. ...