14 · Shipping & Collaboration
CSRF
Cross-Site Request Forgery
A trick where a malicious page makes your browser call a site where you are already logged in. Defenses include anti-CSRF tokens and careful cookie rules.
Concrete example
A hidden form on an evil page that submits “transfer money” to your bank while you are logged in.
Why it matters
Matters whenever cookie-based auth can mutate state.