CSRF and Cross Origin Request Sharing

Cross Site Request Forgery (CSRF) is a pretty straightforward flaw to take advantage of.  Explaining it can be more difficult, due to the number of conditions that have to be met.  This post isn’t meant to be a primer on CSRF, but here are the conditions that must occur. The targeted app has a critical transaction that uses predictable inputs … Read More