Preparation for Recitation 24
Read the paper on Cross-Site Request Forgery.
Please answer the following questions:
1. What does an attacker take advantage of in a CSRF attack? (Perhaps consider an example where Alice is authenticated into her bank account in one tab of her browser and she is browsing a forum in another tab. How might an attacker interact with Alice on the forum to perform a CSRF attack if the bank website does not have any protection?)
2. How can using the Origin Header in requests prevent CSRF attacks?