How are cross-site request forgery and cross-site scripting different?

Often CSRF and XSS are confused with each other. While there are some similarities, there are two different types of cyber threats. CSRF attacks exploit the trust that a web application has in an authenticated user. On the other hand, an XSS attack exploit the trust that a user has in a web application.

Is cross-site request forgery a cyberattack?

Yes. It is a type of cyberattack in which a victim user unintentionally performs a state-changing request as tricked by a bad actor. This results in unintended actions such as changing the password or email.

CSRF tokens: what are they?

It is a special type of token, specially crafted to protect web apps from bad or unauthorized requests. It is also known as a synchronizer or challenge token. It is unique for every web user session. It is checked by the server to determine the legitimacy of a request. They are unpredictable and generated with strong entropy.

Cross Site Request Forgery: Definition with Prevention Tips