Cross Site Request Forgery (CSRF or XSRF) is a type of attack where the hacker takes control of the victim's browser and impersonates an authorized user.
Once the user is logged into a website, the hacker acts on the user's behalf by, for example, making malicious requests to the web application. CSRF attacks are also known as "session riding" or "one-click attacks".
CSRF attacks can be used, for example, to change firewall settings, send unauthorized data, or perform fraudulent transactions. Vulnerable users are unaware of these attacks; if they become aware of them at all, it is only after the damage has already been done.
CSRF attacks are carried out by the attacker spying on the user's identity and then attacking the web server under that identity. Such an attack can also be carried out via an HTTP request that the user answers with their sensitive data.
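To make the "session riding" idea concrete from the server's side, the following added example (not part of the original page) compares a handler that trusts the session cookie alone with one that also requires a per-session token. The session store, handler names, form fields and request dictionaries are constructed for illustration, and the session cookie is assumed to be sent on cross-site requests.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> user and CSRF token.
SESSIONS = {}

def login(user):
    """Create a session and return (session_id, csrf_token)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid, SESSIONS[sid]["csrf"]

def handle_cookie_only(request):
    """Vulnerable: the session cookie alone authorizes the state change."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    return 200  # the change is applied for whoever owns the cookie

def handle_with_token(request):
    """Hardened: the form must also carry the per-session token."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    sent = request["form"].get("csrf_token", "")
    # Constant-time comparison of the submitted and stored token.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403
    return 200

def build_requests():
    """Return (legitimate, forged) requests for one logged-in user."""
    sid, token = login("alice")  # constructed sample user
    # Legitimate form post: the site's own page embedded the token.
    legit = {"cookies": {"sid": sid},
             "form": {"setting": "on", "csrf_token": token}}
    # Forged request triggered from another site: the browser still
    # attaches the cookie, but the foreign page cannot read the token.
    forged = {"cookies": {"sid": sid}, "form": {"setting": "on"}}
    return legit, forged

if __name__ == "__main__":
    legit, forged = build_requests()
    print("cookie only, forged:", handle_cookie_only(forged))
    print("with token, forged: ", handle_with_token(forged))
    print("with token, legit:  ", handle_with_token(legit))
```

The forged request is indistinguishable from a genuine one when only the cookie is checked, which is why the user does not notice the action taken on their behalf.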