Cross-site request forgery TL;DR: Attacker-controlled site causes the victim’s browser to issue an authenticated state-changing request. Stub — to be filled in. What it is TODO Preconditions / where it applies TODO Technique TODO Detection and defence TODO References https://portswigger.net/web-security/csrf