Chapter 4. Cross-Site Request Forgery

Cross-site request forgery (CSRF) is another common web vulnerability, in which an attacker tricks the victim's browser into sending requests to a website that performs certain actions on behalf of the logged-in user (the victim). The web server processing the request carries out the requested actions, because the request looks just like any normal request generated by the user's browser, carrying the same session cookie. CSRF vulnerabilities vary a lot in severity: benign ones can change settings or post on someone's behalf, but critical ones can result in password change, account takeover, and so on.

CSRF has been commonly featured in the OWASP Top-10 vulnerability list for the past few years. It's a widely misunderstood vulnerability ...
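To make the mechanism concrete, here is an added example (not code from the book) that simulates a password-change endpoint in two forms: one that authenticates by session cookie alone, and so accepts a forged cross-site POST, and one hardened with a synchronizer token plus an Origin check. The site name, session store and request objects are constructed for the demonstration and are not part of the original text.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical application origin; the attacker-controlled origin in the test is likewise constructed.
SITE_ORIGIN = "https://bank.example"

@dataclass
class Session:
    user: str
    # Per-session secret rendered into the application's own forms; a page on
    # another origin cannot read it because of the same-origin policy.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    method: str
    path: str
    cookies: dict
    form: dict
    headers: dict

SESSIONS: dict = {}  # session id -> Session (constructed in-memory store)

def login(user: str) -> str:
    """Create a session and return the cookie value the browser would store."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user=user)
    return sid

def change_password_vulnerable(req: Request):
    """Authenticates by cookie only. Because the browser attaches the cookie to
    any POST aimed at this site, a form submitted from a third-party page passes."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or session is None:
        return 403, "denied"
    return 200, f"password changed for {session.user}"

def change_password_protected(req: Request):
    """Same endpoint with two independent CSRF defences."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if req.method != "POST" or session is None:
        return 403, "denied"
    # Defence 1: synchronizer token. Constant-time compare avoids a timing side channel.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return 403, "csrf token mismatch"
    # Defence 2: the Origin header is set by the browser and cannot be altered by
    # page script; if present, it must name this site.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-origin request rejected"
    return 200, f"password changed for {session.user}"

if __name__ == "__main__":
    sid = login("alice")
    # Constructed forged request: cookie is present (browser adds it), token is absent.
    forged = Request("POST", "/change-password", {"sid": sid},
                     {"new_password": "pwned"}, {"Origin": "https://attacker.example"})
    print("vulnerable:", change_password_vulnerable(forged))
    print("protected: ", change_password_protected(forged))
```

Run stand-alone, the vulnerable handler reports the password change while the protected one rejects the same request; a request carrying the session's own token and the site's Origin still succeeds against the protected handler. SameSite cookie attributes add a further layer, but the token check above does not depend on them.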

Get Mastering Modern Web Penetration Testing now with the O’Reilly learning platform.