Fortify - Application Security
Recent statistics show that almost half of breaches that cause material damage occur via applications. HP Fortify provides software and services that help organization secure applications to prevent those attacks. This blog serves as a platform for our penetration testers, product managers and marketers, and software engineers to provide analysis and insight regarding both web application security and how organizations can utilize our products and services to better secure their applications. For more information, visit

Understanding and Validating Cross-site Request Forgery

Screen Shot 2013-06-11 at 8.49.46 AM.png


Cross-site Request Forgery--often written CSRF and pronounced "Sea-surf"--is a common web applicaiton vulnerability that's far too misunderstood. It's stunning to see the number of experienced professionals in our space who struggle even to describe how CSRF differs from XSS--let alone how to validate it or defend against it.


This article will discuss the basics of the vulnerability, how to validate that it's present in real-world applications, some common attack vectors, and ways to defend against it.


Tags: appsec| CSRF| infosec
Labels: appsec| csrf| infosec
Showing results for 
Search instead for 
Do you mean 
About the Author(s)
HP Blog

HP Software Solutions Blog


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.