Cross-Site Request Forgery (CSRF) is a web security vulnerability in which an attacker uses the user's browser to send unauthorized requests in the user's name while that user is logged in to a web application.
Here is how it happens:
- Logged-in State: The user is logged in to a website, such as a banking or social media site.
- Attack Page Access: The user then visits another website that is under the attacker's control. This page looks innocent, but behind the scenes it contains the attacker's code.
- Automatically Sent Requests: The attack page sends a "hidden" request from the user's browser in the background, without asking the user anything, so the user never sees it.
- Unauthorized Actions: Because the user is already logged in, the request that is sent carries valid authentication tokens and the server accepts it, so it executes the action (like a fund transfer, profile edit, etc.) without the user's explicit consent.
To protect against CSRF attacks, developers use several strategies:
- CSRF Tokens: Sending a unique token with every request, one that is outside the attacker's control.
- SameSite Cookies: Setting cookies with the SameSite attribute so that they are protected from cross-origin requests.
- Double Submit Cookies: Including the CSRF token both in a cookie and in the request parameters, and verifying it on the server side.
- Referer Header Checking: Checking the request's "Referer" header, although this is not reliable, because it can be blocked by the user's privacy settings in the browser.
- Custom Headers: Using additional custom headers that are difficult for an attacker to predict.
By using these methods, developers and websites can protect their users from CSRF attacks.
Team Answered question April 10, 2024
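The following is an added worked example, not part of the answer above, showing the three server-side defenses it lists (synchronizer CSRF token, SameSite cookie attribute, double submit cookie) in plain Python with no framework. The session store, the request dictionaries, the endpoint name `transfer_endpoint` and the simplified browser SameSite model in `browser_sends_cookie` are all assumptions made for the demonstration; a real application would use its framework's session and cookie handling.

```python
import hmac
import secrets

# Constructed in-memory session store (assumption: a real app would use a
# server-side session backend). Maps session id -> session data.
SESSIONS = {}


def create_session(user):
    """Log a user in: create a session and a per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def set_cookie_header(name, value, samesite="Lax"):
    """Build a Set-Cookie header value carrying the SameSite attribute
    (plus Secure and HttpOnly, which are good practice for session cookies)."""
    return f"{name}={value}; Path=/; Secure; HttpOnly; SameSite={samesite}"


def browser_sends_cookie(samesite, cross_site, top_level_get):
    """Simplified model (assumption) of the SameSite rule a browser applies
    when deciding whether to attach a cookie to an outgoing request:
    - Strict: never attached to cross-site requests.
    - Lax: attached cross-site only for top-level GET navigations, so a POST
      submitted from a foreign page (the classic CSRF form) gets no cookie.
    - None: always attached (browsers require Secure for this)."""
    if not cross_site:
        return True
    if samesite == "Strict":
        return False
    if samesite == "Lax":
        return top_level_get
    return True  # SameSite=None


def check_synchronizer_token(request):
    """Synchronizer token pattern: the token in the POST body must equal the
    token stored in the server-side session. Compared in constant time."""
    session = SESSIONS.get(request["cookies"].get("session", ""))
    if session is None:
        return False
    submitted = request["form"].get("csrf_token", "")
    return hmac.compare_digest(submitted, session["csrf_token"])


def check_double_submit(request):
    """Double submit cookie pattern: the token in the 'csrf' cookie must equal
    the token sent in the body or in a custom header. A foreign page can
    neither read that cookie nor set one for our origin, so it cannot match."""
    cookie_token = request["cookies"].get("csrf", "")
    submitted = (request["form"].get("csrf_token")
                 or request["headers"].get("X-CSRF-Token", ""))
    if not cookie_token or not submitted:
        return False
    return hmac.compare_digest(cookie_token, submitted)


def transfer_endpoint(request, csrf_check):
    """Hypothetical state-changing endpoint: only a POST with a valid session
    and a passing CSRF check is executed. Returns (status, message)."""
    if request["method"] != "POST":
        return 405, "method not allowed"
    session = SESSIONS.get(request["cookies"].get("session", ""))
    if session is None:
        return 401, "not logged in"
    if not csrf_check(request):
        return 403, "CSRF check failed"
    return 200, f"{session['user']} transferred {request['form']['amount']}"


def demo():
    """Run a legitimate and a forged request through both checks (constructed data)."""
    sid = create_session("alice")
    token = SESSIONS[sid]["csrf_token"]
    legit = {"method": "POST", "headers": {},
             "cookies": {"session": sid, "csrf": token},
             "form": {"amount": "100", "csrf_token": token}}
    # Forged request: the browser attaches the victim's cookies automatically,
    # but the foreign page does not know the token value, so the form lacks it.
    forged = {"method": "POST", "headers": {},
              "cookies": {"session": sid, "csrf": token},
              "form": {"amount": "100000"}}
    return {
        "sync_legit": transfer_endpoint(legit, check_synchronizer_token)[0],
        "sync_forged": transfer_endpoint(forged, check_synchronizer_token)[0],
        "double_legit": transfer_endpoint(legit, check_double_submit)[0],
        "double_forged": transfer_endpoint(forged, check_double_submit)[0],
        "lax_blocks_cross_site_post": not browser_sends_cookie("Lax", True, False),
    }


if __name__ == "__main__":
    print(demo())
```

The two token checks use `hmac.compare_digest` rather than `==` so that comparison time does not leak how many leading characters of a guessed token were correct. The SameSite model shows why `Lax` already stops the form-POST variant of CSRF while still letting normal links into the site work; it is a defense in depth, not a replacement for the token check, because it does nothing for same-site requests or for browsers that ignore the attribute.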