Spring 2014

Preparation for Recitation 24

Read the paper on Cross-Site Request Forgery.

Please answer the following questions:

1. What does an attacker take advantage of in a CSRF attack? (Perhaps consider an example where Alice is authenticated into her bank account in one tab of her browser and she is browsing a forum in another tab. How might an attacker interact with Alice on the forum to perform a CSRF attack if the bank website does not have any protection?)

2. How can using the Origin Header in requests prevent CSRF attacks?
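As a concrete illustration of the defense question 2 asks about, here is an Origin-header check written as an added example (it is my code, not code from the paper or from the 6.033 staff). The site name bank.example, the forum name forum.example and the request headers are made-up values constructed for illustration; the check refuses any state-changing request whose browser-supplied origin is missing or does not match the site's own origin.

```python
from urllib.parse import urlsplit

# Assumed site origin (hypothetical name, not from the page).
SITE_ORIGIN = "https://bank.example"
# Methods that may change server state and therefore need the check.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def request_origin(headers):
    """Return the scheme://host[:port] origin the browser attached to the request.

    Browsers send an Origin header on cross-site POSTs and on fetch/XHR requests.
    When it is absent we fall back to the origin part of the Referer, and return
    None when neither header is present. Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin")
    if origin and origin != "null":          # "null" means an opaque/unknown origin
        return origin.rstrip("/")
    referer = h.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def allow_request(method, headers, site_origin=SITE_ORIGIN):
    """Origin check: a state-changing request is accepted only from our own origin.

    Safe methods (GET, HEAD, OPTIONS) pass because they must not change state.
    Anything else is refused unless the origin the browser supplied equals the
    site's origin exactly, so a forum page at forum.example that causes Alice's
    browser to submit a form to the bank is rejected even though her session
    cookie is attached. A missing origin on a state-changing request is also
    refused, since the server then cannot tell where the request came from.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    origin = request_origin(headers)
    return origin is not None and origin.lower() == site_origin.lower()


if __name__ == "__main__":
    # Constructed sample requests, labelled by what the server should do.
    samples = [
        ("POST", {"Origin": "https://bank.example", "Cookie": "session=abc"}, "same-site form"),
        ("POST", {"Origin": "https://forum.example", "Cookie": "session=abc"}, "cross-site form"),
        ("POST", {"Referer": "https://bank.example/transfer"}, "older browser, Referer only"),
        ("POST", {}, "no origin information at all"),
        ("GET", {"Origin": "https://forum.example"}, "cross-site GET (read-only)"),
    ]
    for method, headers, label in samples:
        verdict = "allow" if allow_request(method, headers) else "refuse"
        print(f"{verdict:6} {method:4} {label}")
```

The comparison is an exact string match on the whole origin, so lookalike hosts such as bank.example.attacker.example do not pass; it is not a prefix or substring check. In practice the Origin check is combined with per-session anti-CSRF tokens, because some browsers and request paths omit both Origin and Referer.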

Questions or comments regarding 6.033? Send e-mail to the 6.033 staff at or to the 6.033 TAs at .
