Information Security Officer Question:

Tell me, what is Cross-Site Request Forgery?

Answer:

Not knowing this is more forgivable than not knowing what XSS is, but only for junior positions. Desired answer: when an attacker gets a victim’s browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically).
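
The /logout/ case above from the server's side, as an added example that is not part of the original page: a logout handler that acts on any cookie-authenticated GET, next to a hardened one that requires POST plus a session-bound token. The function names, the in-memory session store and the HMAC token scheme are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed for this example)
SESSIONS = {}                         # session id -> username (hypothetical in-memory store)

def login(user):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = user
    return sid

def session_cookie(sid):
    # SameSite=Lax keeps the cookie off cross-site subresource loads such as IMG.
    return f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def csrf_token(sid):
    # Token bound to the session; the site embeds it in its own forms only.
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()

def logout_vulnerable(method, cookies, form):
    # State change on any method, authorised by the cookie alone: a request the
    # browser makes automatically (the IMG case) is indistinguishable from a click.
    sid = cookies.get("sid")
    if sid in SESSIONS:
        del SESSIONS[sid]
        return 200
    return 401

def logout_hardened(method, cookies, form):
    if method != "POST":              # GET must never change state
        return 405
    sid = cookies.get("sid")
    if sid not in SESSIONS:
        return 401
    supplied = form.get("csrf_token", "")
    # Constant-time comparison; a cross-site page cannot read the expected value.
    if not hmac.compare_digest(supplied.encode(), csrf_token(sid).encode()):
        return 403
    del SESSIONS[sid]
    return 200
```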
