ShieldReport

Cross-Site Request Forgery (CSRF)

Severity: medium
A01:2021 | CWE-352 | Session Management

What is CSRF?

CSRF tricks an authenticated user's browser into sending a request the user never intended to a web application. Because the browser attaches the user's session cookie automatically, the application cannot tell the forged request from a genuine one and carries out the action without the user's knowledge.

How it works

An attacker hosts a page containing a form or script that submits a request to the target application, with the parameters chosen by the attacker. When a user who is logged in to the target visits that page, the browser attaches the target's session cookie to the forged request exactly as it would to a genuine one, so the application sees a request that appears to come from the user. The attacker never needs to know the cookie value and, because of the same-origin policy, generally cannot read the response.
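The following is an added example, not ShieldReport's code. It builds a constructed attacker page of the kind described above and then models the browser's decision to attach the victim's session cookie to the resulting request under each SameSite setting. The hosts bank.example and evil.example, and the names requestFromAttackerPage, siteOf, cookieIsSent and attackOutcomes, are this example's own; the SameSite rules are simplified and the site comparison ignores the Public Suffix List.

```javascript
// Added example, not ShieldReport's code. Models whether the browser attaches
// the victim's session cookie to a request that an attacker page triggers.
const TARGET = "https://bank.example";    // constructed victim application
const ATTACKER = "https://evil.example";  // constructed attacker origin

// Constructed attacker page: auto-submits a cross-site POST to the target.
// The attacker never sees the cookie; the browser decides whether to send it.
const ATTACKER_PAGE = `<!doctype html>
<form id="f" method="POST" action="${TARGET}/transfer">
  <input type="hidden" name="to" value="attacker-account">
  <input type="hidden" name="amount" value="1000">
</form>
<script>document.getElementById("f").submit();</script>`;

// The request the browser issues for that page. A form submission is a
// top-level navigation carrying the form's method and action.
function requestFromAttackerPage(html) {
  const method = /method="([A-Za-z]+)"/.exec(html)[1].toUpperCase();
  const target = /action="([^"]+)"/.exec(html)[1];
  return { origin: ATTACKER, target, method, topLevel: true };
}

// Registrable domain, approximated as the last two labels. Real browsers use
// the Public Suffix List, so e.g. "a.co.uk" vs "b.co.uk" is wrong here.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

// Simplified SameSite rules:
//   Strict: cookie sent only on same-site requests.
//   Lax:    same-site requests, plus top-level navigations with a safe method.
//   None:   every request (browsers only accept an explicit None with Secure).
// A cookie with no attribute gets `defaultSameSite`: Chrome has applied Lax
// since version 80; other browsers may still treat it as None.
function cookieIsSent(cookie, request, defaultSameSite = "None") {
  const mode = (cookie.sameSite || defaultSameSite).toLowerCase();
  if (siteOf(request.origin) === siteOf(request.target)) return true;
  switch (mode) {
    case "strict": return false;
    case "lax":    return request.topLevel && request.method === "GET";
    case "none":   return true;
    default:       throw new Error(`unknown SameSite value: ${cookie.sameSite}`);
  }
}

// Outcome of the forged POST, and of a GET variant (as when a state change is
// wired to a plain link), under each cookie configuration.
function attackOutcomes() {
  const forgedPost = requestFromAttackerPage(ATTACKER_PAGE);
  const forgedGet = { ...forgedPost, method: "GET",
    target: `${TARGET}/transfer?to=attacker-account&amount=1000` };
  const cookie = (sameSite) => ({ name: "session", secure: true, sameSite });
  return {
    noAttributeLegacy: cookieIsSent(cookie(undefined), forgedPost, "None"), // true: attack works
    noAttributeChrome: cookieIsSent(cookie(undefined), forgedPost, "Lax"),  // false
    lax:               cookieIsSent(cookie("Lax"), forgedPost),             // false
    laxViaGet:         cookieIsSent(cookie("Lax"), forgedGet),              // true: Lax does not cover GET
    strict:            cookieIsSent(cookie("Strict"), forgedPost),          // false
  };
}

console.log(attackOutcomes());
```

The two results worth noticing are noAttributeLegacy (a session cookie with no SameSite attribute rides along with the forged POST in any browser that still defaults to None) and laxViaGet (SameSite=Lax does nothing for a state change reachable by a top-level GET).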

Impact

Unauthorised fund transfers, email address changes, password resets, privilege escalation, and any other state-changing action the victim is authorised to perform. The attacker cannot read the responses, so CSRF on its own compromises integrity rather than confidentiality; exfiltrating data needs a separate flaw.

How ShieldReport detects this

ShieldReport checks forms for a missing anti-CSRF token field, inspects session cookies for a missing SameSite attribute, and looks for state-changing endpoints that do not validate the Origin or Referer header.

How to fix it

Implement anti-CSRF tokens using the synchronizer pattern: generate an unpredictable token per session, keep it server-side, embed it as a hidden field in every state-changing form, and reject any request whose submitted token does not match, comparing in constant time. Set SameSite=Lax or SameSite=Strict on session cookies, bearing in mind that Lax still sends the cookie on top-level GET navigations (so no state change may be reachable by GET) and that Strict means a user following a link from another site arrives without a session. Validate the Origin header, falling back to Referer when Origin is absent, against an allowlist of your own origins on every state-changing request, and reject when neither header is present rather than assuming the request is safe. Use all three together: the token is the primary control, while SameSite and header checks are defence in depth, since not every browser applies Lax to cookies that omit the attribute.

Tags

session, browser, cookies, owasp-top-10

Is your site vulnerable to CSRF?

Run a free scan to find out in under 2 minutes.

© 2026 ShieldReport. All rights reserved.