What is a CSRF attack?


A CSRF (Cross-Site Request Forgery) attack tricks a user into submitting unauthorized requests. It exploits the trust a website places in the user's browser: once a user is authenticated to a web application, the browser automatically attaches the session credentials (such as cookies) to every request it sends to that application, and the application treats those requests as legitimate. If an attacker can entice the user to click a link or load a page that sends an unauthorized request to the application, the application may process that request as if it came from the rightful user, and unauthorized actions are carried out under the victim's identity.

For instance, if a user is logged into their bank account and visits a malicious site containing a crafted request to transfer funds, their browser may send that request without the user's knowledge. The attack therefore relies on two things: the user's existing authenticated session, and the web application's failure to verify where the request originated. This is why "an attack that tricks a user into submitting unauthorized requests" is a succinct and accurate definition of CSRF.
