Question

Identify the web application attack where attackers exploit webpage vulnerabilities to force an unsuspecting user’s browser to send malicious requests they did not intend. The victim holds an active session with a trusted site and simultaneously visits a malicious site, which injects an HTTP request for the trusted site into the victim user’s session, compromising its integrity

Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
LDAP Injection attack
SQL injection attack

Answer 1

Cross-Site Request Forgery (CSRF)

Step-by-step explanation:

• Cross-Site Request Forgery ( CSRF ) is an attack in which the attacker tricks the user into making malicious requests.
• In this kind of attacks, the victims sends the unwanted, malicious HTTP requests ( GET requests and POST requests) to a website.
• As the name itself (CSRF) suggests, it involves forging the identity of the user and the attacker make malicious requests on the website.
• The CSRF attacks also facilitates another attack called Croos-site Scripting (XSS).
• The two types of preventing methods for CSRF attacks are (a) Using Anti - CSRF Tokens (b) Preventing sending the cookies.