CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-352

From aldeid

Jump to navigation Jump to search

CWE-352: Cross-Site Request Forgery (CSRF)

Description

CSRF (also called XSRF) attacks consist of tricking a legitimate user into activating a request to a web site, transparently and unwittingly.

Risk measurement

Weakness Prevalence	High
Remediation Cost	High
Attack Frequency	Often
Consequences	Data loss, Code execution
Ease of Detection	Moderate
Attacker Awareness	Medium

Comments

Talk:CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-352

Retrieved from "https://www.aldeid.com/w/index.php?title=CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-352&oldid=35573"

Share your opinion