ABSTRACT

Cross-site request forgery (CSRF) is a common web attack, but many develop-ers do not know it well. CSRF is very destructive and also the most easily overlooked attack  in web security; many engineers do not quite understand its preconditions and hazards.