Cisco Blogs

Cross-Site Request Forgery Attacks and Mitigations

- April 5, 2013 - 0 Comments

Cross-Site Request Forgery (CSRF) attacks: there are already enough articles out there that can explain what a CSRF attack is and provide potential examples. There are also plenty of security alerts that have been released by various vendors whose products are affected by CSRF-related vulnerabilities.

CSRF attacks usually target web applications and attempt to make unwanted changes on server data or extract sensitive information from a web application. Attackers do this by luring an authenticated user into making a specially crafted web request. It’s important, regardless of role, for everyone to have a basic understanding of CSRF attacks and the available options to protect against them.

For more information about basic CSRF concepts and potential mitigations, see our new Applied Mitigation Bulletin Understanding Cross-Site Request Forgery Threat Vectors. Although this document does not attempt to provide all the technical details associated with CSRF, it does aim to summarize the CSRF technique and provide methods that can be potentially used by developers, network administrators and users to protect against CSRF attacks.

For all things related to Security don’t forget to visit the Cisco Security Intelligence Operations (SIO) Portal—the primary outlet for Cisco’s security intelligence and the public home to all of our security-related content. Just go to

Leave a comment

We'd love to hear from you! To earn points and badges for participating in the conversation, join Cisco Social Rewards. Your comment(s) will appear instantly on the live site. Spam, promotional and derogatory comments will be removed.

All comments in this blog are held for moderation. Your comment will not display until it has been approved

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.