Cross-Site Request Forgery

Cross-Site Request Forgery (CSRF, also written XSRF) resembles XSS in how it is delivered: the victim is lured into visiting a page or link the attacker controls. The key difference is the target. XSS runs the attacker's script inside the victim's browser, typically to steal secrets or deface the site. CSRF instead makes the victim's browser send a state-changing request to a site where the victim is already logged in, so the server carries out the attacker's chosen action using the victim's existing authentication (for example, the session cookie the browser attaches automatically to every request for that site).
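The following is an added, self-contained example (not code from the original post) that models the mechanism described above. It assumes a hypothetical bank site at `https://bank.example` with a `/transfer` endpoint and an in-memory session store; the request objects, session ids and form fields are all constructed for the demonstration. The vulnerable handler trusts the session cookie alone, so a forged POST from an attacker's page succeeds; the hardened handler additionally requires a per-session synchronizer token and a same-origin `Origin`/`Referer` header, both of which a cross-site page cannot supply.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> {"user": ..., "csrf": ...}
# (assumption: a real application would use a server-side session backend).
SESSIONS: dict = {}
SITE_ORIGIN = "https://bank.example"  # hypothetical site for the demonstration


def login(user: str) -> str:
    """Create a session with a random per-session synchronizer token; return the session id."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid


@dataclass
class Request:
    """Minimal stand-in for an HTTP request as a web framework would present it."""
    method: str
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def transfer_vulnerable(req: Request):
    """Trusts the session cookie alone: any page that can make the browser
    POST here acts as the logged-in user. Returns (status, message)."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 401, "not logged in"
    return 200, f"{sess['user']} sent {req.form['amount']} to {req.form['to']}"


def transfer_hardened(req: Request):
    """Same handler with two independent CSRF defences. Returns (status, message)."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if req.method != "POST" or sess is None:
        return 401, "not logged in"
    # Defence 1: synchronizer token. The attacker's page cannot read the token
    # (same-origin policy), so a forged form cannot include the right value.
    token = req.form.get("csrf", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403, "missing or invalid CSRF token"
    # Defence 2: Origin/Referer check. Browsers set Origin on cross-site POSTs
    # and page script cannot override it; fall back to Referer when Origin is absent.
    origin = req.headers.get("Origin")
    if origin is not None:
        same_site = origin == SITE_ORIGIN
    else:
        same_site = req.headers.get("Referer", "").startswith(SITE_ORIGIN + "/")
    if not same_site:
        return 403, "cross-origin request rejected"
    return 200, f"{sess['user']} sent {req.form['amount']} to {req.form['to']}"


def demo() -> dict:
    """Run a forged and a legitimate request through both handlers."""
    sid = login("alice")
    # Forged request: alice visits evil.example, which auto-submits a hidden form to
    # the bank. The browser attaches her session cookie, but the attacker's page
    # cannot read her token and the browser sets Origin to the attacker's site.
    forged = Request("POST", {"session": sid},
                     {"to": "mallory", "amount": "1000"},
                     {"Origin": "https://evil.example"})
    # Legitimate request from the bank's own form, which embeds the token.
    legit = Request("POST", {"session": sid},
                    {"to": "bob", "amount": "10", "csrf": SESSIONS[sid]["csrf"]},
                    {"Origin": SITE_ORIGIN})
    return {
        "vulnerable_forged": transfer_vulnerable(forged)[0],  # 200: the forgery succeeds
        "hardened_forged": transfer_hardened(forged)[0],      # 403: rejected
        "hardened_legit": transfer_hardened(legit)[0],        # 200: real user unaffected
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

In a real deployment the token would be embedded in the rendered form (or sent in a custom header by the front-end), and marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer; none of these checks replace the others.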


Cross-Site Scripting: Creating Reflective XSS

One of the early internet hygiene tips I was given when I created my first email account was to avoid "clicking on random links" in emails I was not expecting. For a long time, I assumed this warning existed to keep me away from sketchy websites, maybe the kind that would immediately start a download without my consent. However, a good part of the logic behind this advice stems from XSS concerns: with reflected XSS, the attacker's payload travels inside the link itself, and the vulnerable site echoes it back into the page the victim's browser renders.
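As an added example (not from the original post), the snippet below shows why a single link is enough. It assumes a hypothetical search page at `https://shop.example/search` that writes its `q` parameter straight back into the HTML. `crafted_link` builds the kind of URL an attacker would e-mail, `query_from_link` recovers the parameter exactly as the victim's browser would submit it, and the two render functions show the reflected output with and without context-aware output encoding. The payload is constructed for the demonstration.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical results page: the only thing that matters is that q is
# reflected into the HTML body.
PAGE = "<h1>Results for: {query}</h1>"


def crafted_link(base_url: str, payload: str) -> str:
    """Build an attacker's link with the payload URL-encoded into the q parameter."""
    return f"{base_url}?q={quote(payload, safe='')}"


def query_from_link(url: str) -> str:
    """Return the q value the victim's browser sends after clicking the link
    (percent-decoding undone, exactly as a server framework would see it)."""
    params = parse_qs(urlsplit(url).query)
    return params.get("q", [""])[0]


def render_vulnerable(query: str) -> str:
    """Reflects the parameter untouched, so the link's payload becomes live markup."""
    return PAGE.format(query=query)


def render_hardened(query: str) -> str:
    """HTML-body context: encode < > & " ' as entities before reflecting."""
    return PAGE.format(query=html.escape(query, quote=True))


def demo() -> dict:
    # Constructed payload; a real one would send document.cookie to the attacker.
    payload = "<script>alert(document.cookie)</script>"
    link = crafted_link("https://shop.example/search", payload)
    q = query_from_link(link)
    return {
        "link": link,
        "vulnerable": render_vulnerable(q),
        "hardened": render_hardened(q),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Encoding for the HTML body is the right fix only for that context; a value reflected into a JavaScript string, a URL attribute or an inline event handler needs the encoding for that context instead, which is why templating engines that escape by default are preferable to hand-rolled escaping.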


SQL Injection: Recreating SQLMap

When I first began my cybersecurity training, I often fell into the trap of using pre-built tools when attempting to crack into practice boxes. I would often fall short because I didn't understand how these tools worked behind the scenes. Recently, I had the great fortune of taking a semester-long offensive security course. This class not only made me aware of my own shortcomings when it came to the fundamentals of exploits, but gave me the opportunity to build my own exploits and really understand vulnerabilities at a low level.
