Which one of the following threat types to applications and services involves the sending of requests that are invalid and manipulated through a user's client to execute commands on the application under the user's own credentials?
A cross-site request forgery (CSRF) attack involves the sending of invalid and manipulated requests through a user's client. These requests are executed on the application under the user's own credentials, making the application believe that the requests are legitimate and originating from a trusted user. The attack exploits the trust that an application has in the user's browser.
D. Cross-site request forgery
Cross-site request forgery (CSRF) involves tricking an authenticated user's browser into sending manipulated, unauthorized requests to an application. These requests are made using the user's own credentials, effectively causing the application to execute commands as if they were legitimately initiated by the user. This is distinct from injection (which manipulates input to exploit vulnerabilities) or cross-site scripting (which injects malicious scripts into web pages).