A cross-site request forgery (CSRF) attack is a type of confused deputy cyber attack (a confused deputy is a computer program that is fooled into misusing its authority). It tricks a user into accidentally using their credentials to invoke a state-changing activity, such as transferring funds from their account, changing their email address and password, or some other undesired action.

While the potential impact against a regular user is substantial, a successful CSRF attack against an administrative account can compromise an entire server, potentially resulting in complete takeover of a web application, API, or other service. Learn more in the Cloudflare Learning Center.

