What is a CSRF token and what is its purpose?

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

What is a CSRF token and what is its purpose?

Explanation:
CSRF tokens are secret, unpredictable values tied to a user's session that must accompany every request that changes state on a web application. Their purpose is to prevent cross-site request forgery (CSRF). When a page is loaded, the server issues a token for that session and embeds it in the page (as a hidden form field, or in a meta tag or header for scripted requests). When a state-changing action is submitted, the client sends the token back, and the server checks that it matches the token issued for that session before executing the action. This stops a malicious site from tricking a logged-in user's browser into performing unwanted actions: the browser will attach the session cookie to the forged request automatically, but the attacker's page cannot read the token out of the legitimate page because of the same-origin policy, so the forged request arrives without a valid token and is rejected. CSRF tokens are not about encrypting the whole session, bypassing authentication, or approving network connections.
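The issue-embed-verify cycle above, as an added example that is not part of the original quiz material. It uses a constructed in-memory session store and a hypothetical `/change-email` form; the token is bound per session and compared in constant time, and the test cases show that a request with no token or with another session's token is rejected.

```python
import hmac
import re
import secrets

# Constructed in-memory session store (a real app would use its session backend).
# Maps session id (sent by the browser in a cookie) -> session data.
SESSIONS = {}

def start_session():
    """Log a user in: create a session and issue the CSRF token bound to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_form(sid):
    """Embed the session's token in the page as a hidden form field."""
    token = SESSIONS[sid]["csrf_token"]
    return ('<form method="post" action="/change-email">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="email"></form>')

def handle_post(sid, form):
    """Verify the submitted token before executing the state change.
    Returns (status, message) as a minimal HTTP handler would."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "not logged in"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so response timing does not leak the token.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    return 200, f"email changed to {form['email']}"

def browser_submits_own_form(sid):
    """Same-origin path: the page can read its own hidden field and send it back."""
    html = render_form(sid)
    token = re.search(r'name="csrf_token" value="([^"]+)"', html).group(1)
    return handle_post(sid, {"csrf_token": token, "email": "me@example.com"})

def forged_request_without_token(sid):
    """Cross-site path: the browser still attaches the victim's cookie (sid), but the
    same-origin policy keeps the third-party page from reading the token, so the
    forged form carries none and the server refuses it."""
    return handle_post(sid, {"email": "attacker@example.com"})

if __name__ == "__main__":
    sid = start_session()
    print(browser_submits_own_form(sid))       # (200, 'email changed to me@example.com')
    print(forged_request_without_token(sid))   # (403, 'CSRF token missing or invalid')
```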

