Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

Parameters to Check
Check which of the following are present in the request and response headers (the cookie attributes, plus the origin policies they interact with):
- SOP (same-origin policy)
- CORS
- HttpOnly
- Domain
- Path
- SameSite
- Secure
- value
- Cookie expiry time
- Persistent session cookie
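A quick way to work through this checklist is to parse the `Set-Cookie` headers of the response and report each attribute that is missing, weak, or long-lived. The auditor below is an added example written for this page, not tooling from the source; the three headers it inspects are constructed samples, and the 30-day threshold for "long-lived" is an assumed policy value.

```python
"""Audit Set-Cookie headers for the attributes on the CSRF checklist (added example)."""
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, List, Optional

# Constructed sample headers, not captured from any real site.
SAMPLE_SET_COOKIE_HEADERS = [
    "session=abc123; Path=/; Domain=vuln-website.com",                       # no flags at all
    "session=def456; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",  # hardened, short-lived
    "remember=xyz789; Path=/; Secure; HttpOnly; SameSite=None; "
    "Expires=Fri, 01 Jan 2038 00:00:00 GMT",                                 # cross-site, long-lived
]

LONG_LIVED_SECONDS = 30 * 24 * 3600  # assumed policy: flag anything persisting beyond 30 days


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header into name, value and a lower-cased attribute map.

    Flag attributes without a value (Secure, HttpOnly) are stored as True.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        key, sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookie(header: str, now: Optional[datetime] = None) -> List[str]:
    """Return the findings for one Set-Cookie header; an empty list means nothing to report."""
    now = now or datetime.now(timezone.utc)
    attrs = parse_set_cookie(header)["attrs"]
    findings: List[str] = []

    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable by page script")

    samesite = str(attrs.get("samesite", "")).lower()
    if not samesite:
        findings.append("missing SameSite: behaviour depends on the browser default")
    elif samesite == "none":
        findings.append("SameSite=None: cookie rides along on cross-site requests, "
                        "so CSRF protection must come from tokens")
        if "secure" not in attrs:
            findings.append("SameSite=None without Secure is rejected by current browsers")

    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: cookie is shared with every subdomain")

    # Expires / Max-Age make the cookie persistent; without them it is a session cookie
    # that the browser discards on close.
    lifetime: Optional[int] = None
    if "max-age" in attrs:
        lifetime = int(str(attrs["max-age"]))
    elif "expires" in attrs:
        lifetime = int((parsedate_to_datetime(str(attrs["expires"])) - now).total_seconds())
    if lifetime is not None and lifetime > LONG_LIVED_SECONDS:
        findings.append(f"persistent for {lifetime // 86400} days: long-lived cookie "
                        f"keeps the session usable by forged requests for that long")
    return findings


def audit_all(headers: List[str], now: Optional[datetime] = None) -> Dict[str, List[str]]:
    """Audit several headers; keys are 'name=value' so duplicate names stay distinct."""
    report = {}
    for header in headers:
        parsed = parse_set_cookie(header)
        report[f"{parsed['name']}={parsed['value']}"] = audit_cookie(header, now)
    return report


if __name__ == "__main__":
    for cookie, findings in audit_all(SAMPLE_SET_COOKIE_HEADERS).items():
        print(cookie)
        for finding in findings or ["ok"]:
            print("   ", finding)
```

Run it against a real response by pasting the `Set-Cookie` header values into `SAMPLE_SET_COOKIE_HEADERS`; the first sample trips four findings, the hardened second one none, and the third shows why a `SameSite=None` cookie must be paired with a token check.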
Possible Attack Vectors
Example: a state-changing endpoint driven entirely by request parameters, such as [https://vuln-website(.)com/email/change](https://vuln-website(.)com/email/change) with the new e-mail address supplied as a parameter.
Or in the request method, e.g.:
- GET - List User
- POST - Add User
Lab: https://portswigger.net/web-security/csrf/lab-no-defenses
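The GET/POST split above is the basis of the usual server-side defence: reads stay on safe methods and need no extra proof, while writes are confined to POST and must carry a synchronizer token that a cross-site page cannot read. The handler below is an added example for this page, not code from the lab or from any framework; `UserService`, `CsrfGuard` and the `/users` route are illustrative names.

```python
"""Synchronizer-token CSRF defence for a GET-lists / POST-adds user endpoint (added example)."""
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change server state


class CsrfGuard:
    """One unpredictable token per session, kept server-side and compared in constant time."""

    def __init__(self) -> None:
        self._tokens: Dict[str, str] = {}

    def issue(self, session_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._tokens[session_id] = token
        return token

    def verify(self, session_id: str, submitted: Optional[str]) -> bool:
        expected = self._tokens.get(session_id)
        if expected is None or submitted is None:
            return False
        # hmac.compare_digest avoids leaking the token through timing differences
        return hmac.compare_digest(expected, submitted)


class UserService:
    """Toy backend mirroring the outline: GET /users lists, POST /users adds."""

    def __init__(self, guard: CsrfGuard) -> None:
        self.guard = guard
        self.users: List[str] = ["alice"]

    def render_add_form(self, session_id: str) -> str:
        """The legitimate page embeds the token; a cross-origin page cannot read this HTML."""
        token = self.guard.issue(session_id)
        return ('<form method="POST" action="/users">'
                f'<input type="hidden" name="csrf_token" value="{token}">'
                '<input name="username"><button>Add</button></form>')

    def handle(self, method: str, path: str, session_id: str,
               form: Optional[Dict[str, str]] = None) -> Tuple[int, object]:
        form = form or {}
        if path != "/users":
            return 404, "not found"
        if method in SAFE_METHODS:
            # read-only, so no token needed; parameters cannot make this path mutate
            return 200, list(self.users)
        if method == "POST":
            if not self.guard.verify(session_id, form.get("csrf_token")):
                return 403, "missing or invalid CSRF token"
            self.users.append(form["username"])
            return 201, list(self.users)
        return 405, "method not allowed"


def run_demo() -> Dict[str, int]:
    """Exercise the legitimate flow and the forged-request cases; returns status codes."""
    guard = CsrfGuard()
    svc = UserService(guard)
    session = "sess-1"
    html = svc.render_add_form(session)
    token = html.split('value="')[1].split('"')[0]  # what the real form would submit
    return {
        "legit_post": svc.handle("POST", "/users", session,
                                 {"username": "bob", "csrf_token": token})[0],
        "forged_post_no_token": svc.handle("POST", "/users", session,
                                           {"username": "mallory"})[0],
        "forged_post_bad_token": svc.handle("POST", "/users", session,
                                            {"username": "mallory", "csrf_token": "guess"})[0],
        "get_with_params": svc.handle("GET", "/users", session, {"username": "mallory"})[0],
        "users_after": len(svc.users),
    }


if __name__ == "__main__":
    print(run_demo())
```

The forged requests fail for two independent reasons: the attacker's page cannot read the token out of the victim's form, and even a guessed value is compared against the session's own token. Keeping every mutation off GET closes the URL-only vector described above.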
Testing Scope and Vectors
Automation Testing
Continuous testing
Testing methods
Mitigation