[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Threats](https://www.paloaltonetworks.com/cyberpedia/threat?ts=markdown) 3. [Cyber Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) 4. [What Is CSRF (Cross-Site Request Forgery)?](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery?ts=markdown) Table of Contents * [What Is a Cyber Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) * [Threat Overview: Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#threat?ts=markdown) * [Cyber Attack Types at a Glance](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#cyber?ts=markdown) * [Global Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#global?ts=markdown) * [Cyber Attack Taxonomy](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#taxonomy?ts=markdown) * [Threat-Actor Landscape](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#landscape?ts=markdown) * [Attack Lifecycle and Methodologies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#methodologies?ts=markdown) * [Technical Deep Dives](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#technical?ts=markdown) * [Cyber Attack Case Studies](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#studies?ts=markdown) * [Tools, Platforms, and Infrastructure](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#tools?ts=markdown) * [The Effect of Cyber Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#effect?ts=markdown) * [Detection, Response, and Intelligence](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#detection?ts=markdown) * [Emerging Cyber Attack Trends](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#trends?ts=markdown) * [Testing and Validation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#testing?ts=markdown) * [Metrics and Continuous Improvement](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#metrics?ts=markdown) * [Cyber Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack#faqs?ts=markdown) * [What Is a Zero-Day Attack? Risks, Examples, and Prevention](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention?ts=markdown) * [Zero-Day Attacks Explained](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#explained?ts=markdown) * [Zero-Day Vulnerability vs. Zero-Day Attack vs. CVE](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#vs?ts=markdown) * [How Zero-Day Exploits Work](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#how?ts=markdown) * [Common Zero-Day Attack Vectors](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#common?ts=markdown) * [Why Zero-Day Attacks Are So Effective and Their Consequences](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#why?ts=markdown) * [How to Prevent and Mitigate Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#prevent?ts=markdown) * [The Role of AI in Zero-Day Defense](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#role?ts=markdown) * [Real-World Examples of Zero-Day Attacks](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#examples?ts=markdown) * [Zero-Day Attacks FAQs](https://www.paloaltonetworks.com/cyberpedia/zero-day-attacks-explained-risks-examples-prevention#faqs?ts=markdown) * [What Is Lateral Movement?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown) * [Why Attackers Use Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#why?ts=markdown) * [How Do Lateral Movement Attacks Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#how?ts=markdown) * [Stages of a Lateral Movement Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#stages?ts=markdown) * [Techniques Used in Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#technicques?ts=markdown) * [Detection Strategies for Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#detection?ts=markdown) * [Tools to Prevent Lateral Movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#tools?ts=markdown) * [Best Practices for Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#best?ts=markdown) * [Recent Trends in Lateral Movement Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#recent?ts=markdown) * [Industry-Specific Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#industry?ts=markdown) * [Compliance and Regulatory Requirements](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#compliance?ts=markdown) * [Financial Impact and ROI Considerations](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#financial?ts=markdown) * [Common Mistakes to Avoid](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#common?ts=markdown) * [Lateral Movement FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement#faqs?ts=markdown) * [What is a Botnet?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet?ts=markdown) * [How Botnets Work](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#how?ts=markdown) * [Why are Botnets Created?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#why?ts=markdown) * [What are Botnets Used For?](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#what?ts=markdown) * [Types of Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#types?ts=markdown) * [Signs Your Device May Be in a Botnet](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#signs?ts=markdown) * [How to Protect Against Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#protect?ts=markdown) * [Why Botnets Lead to Long-Term Intrusions](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#intrusions?ts=markdown) * [How To Disable a Botnet](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#disable?ts=markdown) * [Tools and Techniques for Botnet Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#tools?ts=markdown) * [Real-World Examples of Botnets](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#examples?ts=markdown) * [Botnet FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-botnet#faqs?ts=markdown) * [What is a Payload-Based Signature?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature?ts=markdown) * [Importance of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#important?ts=markdown) * [How Payload-Based Signatures Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#how?ts=markdown) * [Advantages of Payload-Based Signatures](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#advantages?ts=markdown) * [Use Cases of Payload-Based Signatures in Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#usecases?ts=markdown) * [Payload-Based Signatures FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-payload-based-signature#faqs?ts=markdown) * [Dark Web Leak Sites: Key Insights for Security Decision Makers](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site?ts=markdown) * [Dark Web Leak Sites Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#dark?ts=markdown) * [Evolving Extortion Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#tactics?ts=markdown) * [The Role of Leak Sites in Ransomware Double Extortion](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#role?ts=markdown) * [Critical Risks Exposed by Data Leak Sites](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#critical?ts=markdown) * [Anatomy of a Dark Web Leak Site](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#anatomy?ts=markdown) * [Proactive Defense: How Organizations Can Mitigate Dark Web Leaks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#proactive?ts=markdown) * [Dark Web Leak Site FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#faqs?ts=markdown) * [What to Do If Your Organization Appears on a Dark Web Leak Site](https://www.paloaltonetworks.com/cyberpedia/what-is-a-dark-web-leak-site#appears?ts=markdown) * [What is Spyware?](https://www.paloaltonetworks.com/cyberpedia/what-is-spyware?ts=markdown) * [Cybercrime: The Underground Economy](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy?ts=markdown) * [Products](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#products?ts=markdown) * [Services](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#services?ts=markdown) * [Cybercrime FAQs](https://www.paloaltonetworks.com/cyberpedia/cybercrime-the-underground-economy#faqs?ts=markdown) * [What Is Cross-Site Scripting (XSS)?](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting?ts=markdown) * [XSS Explained](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#xss?ts=markdown) * [Evolution in Attack Complexity](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#evolution?ts=markdown) * [Anatomy of a Cross-Site Scripting Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#anatomy?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#integration?ts=markdown) * [Widespread Exposure in the Wild](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#widespread?ts=markdown) * [Cross-Site Scripting Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#mitigation?ts=markdown) * [Response and Recovery Post XSS Attack](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#response?ts=markdown) * [Strategic Cross-Site Scripting Risk Perspective](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#strategic?ts=markdown) * [Cross-Site Scripting FAQs](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting#faqs?ts=markdown) * [What Is a Dictionary Attack?](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack?ts=markdown) * [Dictionary Attack Explained](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#dictionary?ts=markdown) * [How Dictionary Attacks Work](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#how?ts=markdown) * [Dictionary Attack in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#lifecycle?ts=markdown) * [Dictionary Attack in the Real World](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#examples?ts=markdown) * [Dictionary Attack Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#indicators?ts=markdown) * [Preventing and Mitigating Dictionary Attack](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#preventing?ts=markdown) * [Attack Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#recovery?ts=markdown) * [Dictionary Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/dictionary-attack#faqs?ts=markdown) * [What Is a Credential-Based Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack?ts=markdown) * [Credential-Based Attack Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#credential?ts=markdown) * [How Credential-Based Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#how?ts=markdown) * [Variations on Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#variations?ts=markdown) * [Preventing Credential-Based Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#preventing?ts=markdown) * [Credential-Based Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-credential-based-attack#faqs?ts=markdown) * [What Is a Denial of Service (DoS) Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos?ts=markdown) * [How Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#how?ts=markdown) * [Denial-of-Service in Adversary Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#denial?ts=markdown) * [Real-World Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#attacks?ts=markdown) * [Detection and Indicators of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#detection?ts=markdown) * [Prevention and Mitigation of Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#prevention?ts=markdown) * [Response and Recovery from Denial-of-Service Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#response?ts=markdown) * [Operationalizing Denial-of-Service Defense](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#defense?ts=markdown) * [DoS Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-denial-of-service-attack-dos#faqs?ts=markdown) * [What Is Hacktivism?](https://www.paloaltonetworks.com/cyberpedia/hacktivism?ts=markdown) * [Hacktivism Explained](https://www.paloaltonetworks.com/cyberpedia/hacktivism#explained?ts=markdown) * [Origins and Definitions](https://www.paloaltonetworks.com/cyberpedia/hacktivism#origins?ts=markdown) * [Forms and Methods](https://www.paloaltonetworks.com/cyberpedia/hacktivism#forms?ts=markdown) * [Related Practices](https://www.paloaltonetworks.com/cyberpedia/hacktivism#related?ts=markdown) * [Who Do Hacktivists Target?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#who?ts=markdown) * [What Motivates Hacktivists?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#what?ts=markdown) * [Is Hacktivism Ethical?](https://www.paloaltonetworks.com/cyberpedia/hacktivism#ethical?ts=markdown) * [Hacktivism FAQs](https://www.paloaltonetworks.com/cyberpedia/hacktivism#faqs?ts=markdown) * [What Is a DDoS Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) * [Threat Overview](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#threat?ts=markdown) * [How Distributed Denial-of-Service Attacks Work](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#how?ts=markdown) * [DDoS in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#ddos?ts=markdown) * [Real-World DDoS Incidents and Organizational Impact](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#impact?ts=markdown) * [DDoS Attack Detection Indicators](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#indicators?ts=markdown) * [DDoS Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#mitigation?ts=markdown) * [DDoS Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#recovery?ts=markdown) * [Distributed Denial of Service FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack#faqs?ts=markdown) * What Is CSRF (Cross-Site Request Forgery)? * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) * [What Is Spear Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing?ts=markdown) * [Spear Phishing Email Tactics](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#what?ts=markdown) * [How Does Spear Phishing Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#how?ts=markdown) * [Types of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#types?ts=markdown) * [Examples of Spear Phishing Attacks](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#examples?ts=markdown) * [How to Protect Yourself from Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#protect?ts=markdown) * [If You Fall Victim to Spear Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#victim?ts=markdown) * [Spear Phishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing#faq?ts=markdown) * [What Is Brute Force?](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) * [How Brute Force Functions as a Threat](https://www.paloaltonetworks.com/cyberpedia/brute-force#how?ts=markdown) * [How Brute Force Works in Practice](https://www.paloaltonetworks.com/cyberpedia/brute-force#practice?ts=markdown) * [Brute Force in Multistage Attack Campaigns](https://www.paloaltonetworks.com/cyberpedia/brute-force#brute?ts=markdown) * [Real-World Brute Force Campaigns and Outcomes](https://www.paloaltonetworks.com/cyberpedia/brute-force#outcomes?ts=markdown) * [Detection Patterns in Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#detection?ts=markdown) * [Practical Defense Against Brute Force Attacks](https://www.paloaltonetworks.com/cyberpedia/brute-force#defense?ts=markdown) * [Response and Recovery After a Brute Force Incident](https://www.paloaltonetworks.com/cyberpedia/brute-force#response?ts=markdown) * [Brute Force Attack FAQs](https://www.paloaltonetworks.com/cyberpedia/brute-force#faqs?ts=markdown) * [What is a Command and Control Attack?](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained?ts=markdown) * [How a Command and Control Attack Works](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#how?ts=markdown) * [Types of Command and Control Techniques](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#types?ts=markdown) * [Devices Targeted by C\&C](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#devices?ts=markdown) * [What Hackers Can Accomplish Through Command and Control](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#what?ts=markdown) * [Command and Control FAQs](https://www.paloaltonetworks.com/cyberpedia/command-and-control-explained#faqs?ts=markdown) * [What Is an Advanced Persistent Threat?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt?ts=markdown) * [Characteristics of Advanced Persistent Threats](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#characteristics?ts=markdown) * [What Techniques Are Used for APT Attacks?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#techniques?ts=markdown) * [What Are the Stages of an APT Attack?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#stages?ts=markdown) * [What Is the Defense Against APT?](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#defense?ts=markdown) * [Real-World Example of an APT Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#realworld?ts=markdown) * [Advanced Persistent Threat FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-advanced-persistent-threat-apt#faqs?ts=markdown) * [What is an Exploit Kit?](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit?ts=markdown) * [Landing Page](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#landing?ts=markdown) * [Exploit](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#exploit?ts=markdown) * [Payload](https://www.paloaltonetworks.com/cyberpedia/what-is-an-exploit-kit#payload?ts=markdown) * [What Is Credential Stuffing?](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing?ts=markdown) * [Credential Stuffing Explained](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#credential?ts=markdown) * [Automated Exploitation of Reused Credentials](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#automated?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#integration?ts=markdown) * [Credential Stuffing Attacks in the Real World](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#stuffing?ts=markdown) * [Responding and Recovering from Credential Stuffing](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#responding?ts=markdown) * [Credential Stuffing FAQs](https://www.paloaltonetworks.com/cyberpedia/credential-stuffing#faqs?ts=markdown) * [What Is Smishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing?ts=markdown) * [How to Spot a Smishing Attempt](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#spot-smishing-attempt?ts=markdown) * [How to Avoid Being Smished](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#avoid-being-smished?ts=markdown) * [Smishing FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-smishing#faqs?ts=markdown) * [What is Social Engineering?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering?ts=markdown) * [The Role of Human Psychology in Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#role?ts=markdown) * [How Has Social Engineering Evolved?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#historical?ts=markdown) * [How Does Social Engineering Work?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#how?ts=markdown) * [Phishing vs Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#phishing?ts=markdown) * [What is BEC (Business Email Compromise)?](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#bec?ts=markdown) * [Notable Social Engineering Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#notable?ts=markdown) * [Social Engineering Prevention](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#social?ts=markdown) * [Consequences of Social Engineering](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#consequences?ts=markdown) * [Social Engineering FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-social-engineering#faqs?ts=markdown) * [What Is a Honeypot?](https://www.paloaltonetworks.com/cyberpedia/honeypots?ts=markdown) * [Threat Overview: Honeypot](https://www.paloaltonetworks.com/cyberpedia/honeypots#threat?ts=markdown) * [Honeypot Exploitation and Manipulation Techniques](https://www.paloaltonetworks.com/cyberpedia/honeypots#honeypot?ts=markdown) * [Positioning Honeypots in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/honeypots#positioning?ts=markdown) * [Honeypots in Practice: Breaches, Deception, and Blowback](https://www.paloaltonetworks.com/cyberpedia/honeypots#blowback?ts=markdown) * [Detecting Honeypot Manipulation and Adversary Tactics](https://www.paloaltonetworks.com/cyberpedia/honeypots#tactics?ts=markdown) * [Safeguards Against Honeypot Abuse and Exposure](https://www.paloaltonetworks.com/cyberpedia/honeypots#safeguards?ts=markdown) * [Responding to Honeypot Exploitation or Compromise](https://www.paloaltonetworks.com/cyberpedia/honeypots#compromise?ts=markdown) * [Honeypot FAQs](https://www.paloaltonetworks.com/cyberpedia/honeypots#faqs?ts=markdown) * [What Is Password Spraying?](https://www.paloaltonetworks.com/cyberpedia/password-spraying?ts=markdown) * [Password Spraying Explained](https://www.paloaltonetworks.com/cyberpedia/password-spraying#password?ts=markdown) * [How Password Spraying Works](https://www.paloaltonetworks.com/cyberpedia/password-spraying#works?ts=markdown) * [Password Spraying in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/password-spraying#attack?ts=markdown) * [Real-World Examples of Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#realworld?ts=markdown) * [Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/password-spraying#detection?ts=markdown) * [Preventing and Mitigating Password Spraying Attacks](https://www.paloaltonetworks.com/cyberpedia/password-spraying#mitigating?ts=markdown) * [Responding to Password Spraying](https://www.paloaltonetworks.com/cyberpedia/password-spraying#responding?ts=markdown) * [Password Spraying FAQs](https://www.paloaltonetworks.com/cyberpedia/password-spraying#faqs?ts=markdown) * [How to Break the Cyber Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle?ts=markdown) * [1. Reconnaissance:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#reconnaissance?ts=markdown) * [2. Weaponization and Delivery:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#weaponization?ts=markdown) * [3. Exploitation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#exploitation?ts=markdown) * [4. Installation:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#installation?ts=markdown) * [5. Command and Control:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#command?ts=markdown) * [6. Actions on the Objective:](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#actions?ts=markdown) * [Cyber Attack Lifecycle FAQs](https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle#faqs?ts=markdown) * [What Is Phishing?](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown) * [Phishing Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#phishing?ts=markdown) * [The Evolution of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#?ts=markdown) * [The Anatomy of a Phishing Attack](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#anatomy?ts=markdown) * [Why Phishing Is Difficult to Detect](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#detect?ts=markdown) * [Types of Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#types?ts=markdown) * [Phishing Adversaries and Motives](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#motives?ts=markdown) * [The Psychology of Exploitation](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#psychology?ts=markdown) * [Lessons from Phishing Incidents](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#lessons?ts=markdown) * [Building a Modern Security Stack Against Phishing](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#building?ts=markdown) * [Building Organizational Immunity](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#immunity?ts=markdown) * [Phishing FAQ](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing#faqs?ts=markdown) * [What Is a Rootkit?](https://www.paloaltonetworks.com/cyberpedia/rootkit?ts=markdown) * [Rootkit Classification and Technical Definition](https://www.paloaltonetworks.com/cyberpedia/rootkit#rootkit?ts=markdown) * [Types of Rootkits](https://www.paloaltonetworks.com/cyberpedia/rootkit#types?ts=markdown) * [Rootkit Installation and Execution Flow](https://www.paloaltonetworks.com/cyberpedia/rootkit#installation?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/rootkit#integration?ts=markdown) * [Cyberattacks Involving Rootkits in the News](https://www.paloaltonetworks.com/cyberpedia/rootkit#cyberattacks?ts=markdown) * [Rootkit Detection and Indicators](https://www.paloaltonetworks.com/cyberpedia/rootkit#indicators?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/rootkit#prevention?ts=markdown) * [Responding to Rootkit-Related Attacks](https://www.paloaltonetworks.com/cyberpedia/rootkit#responding?ts=markdown) * [Rootkit FAQs](https://www.paloaltonetworks.com/cyberpedia/rootkit#faqs?ts=markdown) * [Browser Cryptocurrency Mining](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining?ts=markdown) * [How It Works](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#works?ts=markdown) * [How to Defend Against It](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#defend?ts=markdown) * [Browser Cryptocurrency Mining FAQs](https://www.paloaltonetworks.com/cyberpedia/threat-brief-browser-cryptocurrency-mining#faqs?ts=markdown) * [What Is Pretexting?](https://www.paloaltonetworks.com/cyberpedia/pretexting?ts=markdown) * [Pretexting Explained](https://www.paloaltonetworks.com/cyberpedia/pretexting#pretexting?ts=markdown) * [Evolution of the Attack Technique](https://www.paloaltonetworks.com/cyberpedia/pretexting#evolution?ts=markdown) * [How Pretexting Works](https://www.paloaltonetworks.com/cyberpedia/pretexting#how?ts=markdown) * [Integration in the Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/pretexting#integration?ts=markdown) * [Real-World Examples](https://www.paloaltonetworks.com/cyberpedia/pretexting#examples?ts=markdown) * [Pretexting Detection Tactics in Live Environments](https://www.paloaltonetworks.com/cyberpedia/pretexting#detection?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/pretexting#mitigation?ts=markdown) * [Pretexting FAQs](https://www.paloaltonetworks.com/cyberpedia/pretexting#faqs?ts=markdown) * [What Is Cryptojacking?](https://www.paloaltonetworks.com/cyberpedia/cryptojacking?ts=markdown) * [Understanding Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#understanding?ts=markdown) * [Types of Cryptojacking and Resource Abuse Attacks](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#types?ts=markdown) * [How Cryptojacking Works](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#how?ts=markdown) * [Cryptojacking in the Adversary Kill Chain](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#chain?ts=markdown) * [Real-World Cases of Cryptojacking](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#cases?ts=markdown) * [Prevention and Mitigation](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#prevention?ts=markdown) * [Response and Recovery](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#response?ts=markdown) * [Cryptojacking FAQs](https://www.paloaltonetworks.com/cyberpedia/cryptojacking#faqs?ts=markdown) # What Is CSRF (Cross-Site Request Forgery)? 5 min. read Table of Contents * * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) 1. CSRF Explained * * [CSRF Explained](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#csrf?ts=markdown) * [How Cross-Site Request Forgery Works](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#how?ts=markdown) * [Where CSRF Fits in the Broader Attack Lifecycle](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#where?ts=markdown) * [CSRF in Real-World Exploits](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#exploits?ts=markdown) * [Detecting CSRF Through Behavioral and Telemetry Signals](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#detecting?ts=markdown) * [Defending Against Cross-Site Request Forgery](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#defending?ts=markdown) * [Responding to a CSRF Incident](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#responding?ts=markdown) * [CSRF as a Strategic Business Risk](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#risk?ts=markdown) * [Key Priorities for CSRF Defense and Resilience](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#key?ts=markdown) * [Cross-Site Request Forgery FAQs](https://www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery#faqs?ts=markdown) Cross-site request forgery (CSRF) is a web security vulnerability that tricks authenticated users into submitting unintended requests. By exploiting session-based authentication, attackers can perform unauthorized actions on behalf of the user --- such as changing settings or initiating transactions --- without their knowledge or consent, compromising the integrity of user-driven operations. ## CSRF Explained Cross-site request forgery (CSRF) is a web application [cyber attack](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cyber-attack?ts=markdown) that abuses the trust a site places in a user's browser. When a user is authenticated --- typically through session cookies --- their browser automatically includes those credentials in outbound requests. CSRF exploits that behavior by tricking the browser into issuing a forged HTTP request to a trusted application, which then executes it as if it originated from the user. Unlike attacks that compromise the client or server directly, CSRF hijacks the implicit trust between them. The attacker doesn't intercept or steal credentials. Instead, they craft a request the browser will unknowingly send, often embedded in an image tag, hidden form, or malicious JavaScript hosted elsewhere. CSRF is categorized under CWE-352: Cross-Site Request Forgery and plays a supporting role in [MITRE ATT\&CK techniques](https://www.paloaltonetworks.com/cyberpedia/what-are-mitre-attack-techniques?ts=markdown) such as T1530 when attackers aim to persist or escalate privilege using hijacked sessions or stolen tokens. ### Related Cyber Threats CSRF often appears under alternate names, including session riding, one-click attack, and sea surf. All describe a single mechanism: triggering a legitimate request from a trusted browser session without user consent. It shares surface similarities with threats like clickjacking or [cross-site scripting (XSS)](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting?ts=markdown), but the mechanics differ. CSRF doesn't require code injection or visual trickery. The success of the attack depends entirely on the presence of an active session and a predictable endpoint that performs a state-changing action. Confusion sometimes arises between CSRF and logic flaws in session handling or token management. Those may compound the threat but do not define it. ### From Legacy Flaw to Persistent Risk In the early web, CSRF thrived in environments where server-side logic implicitly trusted browser-originated requests. Without distinguishing between user intent and passive browser behavior, early applications allowed sensitive operations --- password resets, fund transfers, permission changes --- to be triggered without challenge. An attacker only needed to embed a GET or POST request in a malicious page and wait for the victim to visit it while logged in elsewhere. As awareness grew, frameworks responded with anti-forgery tokens and request validation mechanisms. Modern browsers introduced the SameSite cookie attribute, limiting when session cookies accompany cross-origin requests. Despite those advances, CSRF remains a live threat. Many applications --- especially those running on legacy codebases or integrating with third-party components --- still rely on session cookies without enforcing CSRF protections. Even newer systems sometimes misapply or disable built-in defenses to resolve compatibility issues or performance concerns. CSRF persists not because it's sophisticated, but because it's easy to overlook in complex, multisession environments. Any application that accepts state-changing requests based solely on session cookies, without validating user intent, remains exposed. ## How Cross-Site Request Forgery Works At its core, a CSRF attack abuses the browser's automatic behavior --- specifically, its tendency to send stored authentication tokens like cookies along with every request to a given origin. Once a user authenticates to a site, their browser will continue to send the session cookie with subsequent requests, whether those requests originate from the user's action or from a third-party origin. An attacker crafts a malicious web page or embeds a request in an email, ad, or compromised site. When the victim interacts with this malicious content while still authenticated to the target application, their browser unwittingly submits a forged request. The server, unaware that the request lacks user intent, processes it normally --- changing settings, executing transactions, or triggering business logic under the assumption that the user initiated it. ### Step-by-Step Exploit Path 1. **User logs into** a trusted web application that uses cookie-based session authentication. 2. **Session cookie is stored** by the browser and automatically included with requests to the application's domain. 3. **Attacker crafts a request** targeting a sensitive operation --- such as POST /transfer-funds or GET /delete-account. 4. **Malicious content is delivered** to the user through a separate origin (e.g., a [phishing email](https://www.paloaltonetworks.com/cyberpedia/what-is-phishing?ts=markdown), compromised blog, ad network). 5. **User unknowingly triggers the payload** by visiting the attacker's site or clicking a disguised element. 6. **Browser submits the forged request** along with the valid session cookie. 7. **Server processes the action** because it sees a valid session and lacks CSRF protections. The entire attack can execute without the user seeing a new page or realizing an action occurred. ### Delivery Mechanisms in the Wild CSRF payloads often ride through: * Hidden forms with auto-submitting JavaScript: ![Hidden forms with auto-submitting JavaScript](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/csrf-cross-site-request-forgery/code-snippet-html-01.png) * Image tags triggering GET requests: ![Image tags triggering GET requests](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/csrf-cross-site-request-forgery/code-snippet-html-02.png) * Anchor links camouflaged as buttons or fake download prompts. CSRF doesn't require JavaScript or advanced tooling. Its power lies in its simplicity and reliance on default browser behavior. ### Conditions That Make CSRF Viable **Exploited application layer weaknesses:** * State-changing endpoints lack CSRF tokens * Session is authenticated via cookies or bearer tokens stored in browser-managed storage * Request methods like GET or POST are improperly validated * CORS is overly permissive or misconfigured **Human factors:** * Users remain logged in across sessions and tabs * Security training does not emphasize secure logout practices * Phishing awareness does not cover indirect attacks **Infrastructure and API weaknesses:** * APIs designed without explicit user intent verification * Cloud apps that embed legacy form-based actions within SPAs * Multitenant environments that reuse session tokens across services CSRF becomes especially dangerous in environments with [microservices](https://www.paloaltonetworks.com/cyberpedia/what-are-microservices?ts=markdown) or third-party integrations where implicit trust exists between domains. ### Variants and Evasive Tactics Modern CSRF payloads may evade traditional controls by: * **Targeting JSON-based endpoints** with application/json headers, bypassing defenses that only monitor application/x-www-form-urlencoded * **Encoding payloads inside CORS preflights** or combining them with open redirect exploits * **Leveraging login CSRF** to bind a session to the attacker's account credentials * **Abusing mobile apps or thin clients** that inherit browser behavior without explicit CSRF protection In high-value targets, attackers may pair CSRF with credential phishing, session fixation, or reflected XSS to chain exploits and gain deeper access. ### Modern Example: Exploiting a Cloud Admin Panel An attacker identifies that a legacy cloud admin panel uses session-based auth and accepts unauthenticated POST requests to modify [IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown) policies. The attacker sends a crafted link to a user who is authenticated to the cloud dashboard. Upon click, the user's browser submits a POST request adding the attacker's service account to a privileged role. The action executes with full administrative authority --- without ever prompting for verification --- because the server blindly trusts the session. No [MFA](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown), no CSRF token, no origin check. A five-line payload creates persistent access in seconds. ## Where CSRF Fits in the Broader Attack Lifecycle Cross-site request forgery is not typically used for initial access. Instead, it functions as a post-authentication exploit that assumes a compromised condition: an authenticated session and a user actively logged into a target application. In the adversary's toolkit, CSRF becomes relevant once access has been established --- whether through phishing, open redirection, or social engineering. Attackers use CSRF to leverage stolen trust, not to obtain it. It fits best in scenarios where users operate within privileged interfaces and session validation is weak or misapplied. The goal is to piggyback on legitimate access to execute state-changing requests without consent. This positions CSRF as an escalation or action phase tactic within a broader kill chain. ### Common Kill Chain Placement 1. **Reconnaissance**: The attacker maps applications that use cookie-based auth and lack CSRF protections. 2. **Initial Access**: Delivered via phishing, drive-by download, or a compromised trusted site hosting a CSRF payload. 3. **Execution**: The user triggers the CSRF vector, often unknowingly, while authenticated. 4. **Privilege Escalation or Impact**: The action modifies account settings, permission scopes, API keys, or data records. In environments where cloud admin consoles, internal dashboards, or privileged portals remain accessible via browser, CSRF becomes a surgical tool to elevate access or embed persistence --- without ever touching the credentials. ### Dependencies That Enable CSRF * Session cookies or bearer tokens stored in browser-controlled storage * User remains logged in across tabs, windows, or sessions * Endpoints allow state-changing actions via GET or POST without verification * Lack of CSRF tokens, SameSite cookie flags, or Origin/Referer validation CSRF does not require the attacker to control the network, inject JavaScript, or break encryption. It only requires that the browser behaves predictably and the server fails to verify intent. ### Chainable with Other Threats * **Phishing + CSRF**: Phishing gains initial click or trust. CSRF executes post-login actions. * **Open Redirects + CSRF**: Redirects funnel users into pages with CSRF payloads. * **Session Fixation + CSRF**: Fixated session tokens ensure the user is authenticated into a session attacker controls. * **Stored XSS + CSRF**: A stored XSS payload injects CSRF forms directly into the DOM, chaining execution within the same domain. In sophisticated intrusions, CSRF may operate as part of multi-vector campaigns, where the attacker seeks to operate silently under the guise of normal user behavior. For example, creating a new SAML identity provider via CSRF in a cloud dashboard grants external persistence under the radar of most detection controls. ### Illustrative Scenario: Supply Chain Manipulation An attacker targets a software vendor that uses a web portal for partner API registration. After phishing a user to land a CSRF payload, the attacker forges a POST request that registers a malicious endpoint as a trusted webhook. The result: a silent foothold in the vendor's production pipeline --- no alerts, no login attempts, just an abuse of assumed trust. ## CSRF in Real-World Exploits ### GitHub's OAuth CSRF Exposure In 2022, GitHub patched a vulnerability in its OAuth flow that could have allowed a CSRF attack during third-party application authorization. The flaw emerged in the absence of a correctly implemented state parameter --- a vital anti-CSRF mechanism in OAuth 2.0. Without the state value, attackers could craft a URL that tricked users into granting unintended access to malicious applications impersonating legitimate ones. While GitHub responded before any abuse was reported, the scenario illustrated a critical point: even security-mature organizations can overlook CSRF protections in federated flows. OAuth and SSO integrations, increasingly common in enterprise [SaaS](https://www.paloaltonetworks.com/cyberpedia/what-is-saas?ts=markdown), are fertile ground for CSRF if developers misconfigure token exchanges or omit verification safeguards. ### Tesla Bug Bounty: Remote Vehicle Commands via CSRF In 2017, a researcher discovered a critical CSRF vulnerability in Tesla's web interface that allowed a forged request to issue remote vehicle commands, such as unlocking doors or controlling climate systems. If a Tesla owner visited a malicious site while logged into their Tesla account, the attacker could silently control the vehicle in real time. Tesla awarded a substantial bug bounty and swiftly mitigated the issue by tightening CSRF protections and session validation. The incident reinforced that CSRF can cross from web applications into physical domains where actions have kinetic consequences. ### Ubiquiti's Router Management Panel Exposure Ubiquiti, a well-known networking hardware vendor, faced a CSRF vulnerability in its router configuration interface. Attackers could change DNS settings or update firmware remotely if a user visited a malicious site while authenticated to the router. Since most users never logged out of their router admin panels, the exposure window remained wide. This case highlighted a recurring problem in embedded systems and consumer-grade interfaces: limited CSRF protections combined with always-on sessions create easy targets for adversaries with little more than a browser and a crafted HTML form. ### Industry Patterns and Trends **SaaS and enterprise dashboards** remain prime targets, especially those that offer administrative features over web interfaces. Identity providers, billing portals, and account settings pages carry out high-risk operations that, when left unprotected, become CSRF vectors for access manipulation and privilege escalation. **Healthcare applications**, especially patient portals, have been found vulnerable to CSRF in scenarios involving unauthorized data modification. In regulated sectors, even a single forged request affecting medical records or access logs can trigger compliance violations and litigation. **Cloud providers and DevOps platforms** expose CSRF risk where internal tooling is rushed or undocumented. Several cloud-based [CI/CD](https://www.paloaltonetworks.com/cyberpedia/what-is-the-ci-cd-pipeline-and-ci-cd-security?ts=markdown) tools have issued quiet patches to address CSRF in webhook management, environment configuration, and access token generation. ### Detection Remains Elusive CSRF often flies under the radar. Unlike injection attacks, it leaves no obvious exploit signature. There is no malformed payload, no privilege escalation event, and no suspicious login pattern --- just a legitimate request made from a trusted browser with a valid session. Detection strategies rely on correlation --- matching suspicious user behavior (like unexpected fund transfers) against the absence of UI interaction or inconsistent referrer headers. Many organizations only discover CSRF abuse post-incident, when anomalous actions trigger financial audits or compliance checks. CSRF is rarely the star of a breach report. Its quiet nature and dependency on user context make it a supporting actor in larger attacks. But when it appears, it bypasses defenses most security teams consider sufficient. Organizations that handle sensitive workflows through web interfaces must treat CSRF not as legacy risk, but as an active adversary tactic worthy of the same vigilance applied to phishing, [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware?ts=markdown), and privilege escalation. ## Detecting CSRF Through Behavioral and Telemetry Signals Unlike injection attacks or malware implants, cross-site request forgery rarely produces a noisy footprint. No malformed payload enters the system. No user account is breached through login. The browser itself becomes the delivery mechanism, sending a forged --- but fully valid --- request using an active session. As a result, CSRF evades most signature-based or rule-based detection engines. Detection requires looking for subtle signals of intent mismatch --- where the session is legitimate, but the context surrounding the action contradicts normal user behavior. ### Indicators of Compromise and Anomalous Patterns **Key IOCs and suspicious artifacts include:** * Missing or empty Referer headers on sensitive operations * Cross-origin Referer or Origin headers when action endpoints are intended for same-origin use only * Unusual User-Agent strings associated with automated payload delivery * Absence of recent UI navigation events preceding critical state-changing requests (e.g., no GET on settings page before a POST to change credentials) * IP address or geolocation anomalies that break user behavior norms but do not involve login * Session age anomalies where newly authenticated sessions perform high-risk actions immediately without a ramp-up of normal usage ### Behavioral Clues in Session Activity CSRF incidents often manifest in workflows that deviate from natural user interaction. For example: * Fund transfers, password changes, or API token generation occurring as the first or only action in a session * Lack of supporting GET requests or page loads around POST operations * High-sensitivity actions issued by users who typically lack privileges to do so * Clustered actions across multiple users that follow the same URI pattern or timing profile These patterns suggest scripted triggering, not genuine human use. ### Monitoring Recommendations for SOC Teams [Security operations](https://www.paloaltonetworks.com/cyberpedia/what-is-security-operations?ts=markdown) should apply layered telemetry and behavioral baselining: * **Log all state-changing HTTP methods** (POST, PUT, DELETE, PATCH) with full request metadata including headers, source IP, and session ID * **Flag cross-origin requests** to high-value endpoints that lack CSRF token validation * **Correlate Referer and Origin headers** against an allowlist of trusted domains * **Monitor for skipped UI sequences**, such as direct access to execution endpoints without preceding navigation * **Alert on privilege-sensitive operations** initiated without multi-factor interaction, particularly in admin contexts [SIEM](https://www.paloaltonetworks.com/cyberpedia/what-is-siem?ts=markdown) and [XDR](https://www.paloaltonetworks.com/cyberpedia/what-is-extended-detection-response-XDR?ts=markdown) platforms should ingest [web application firewall (WAF)](https://www.paloaltonetworks.com/cyberpedia/what-is-a-web-application-firewall?ts=markdown) logs and reverse proxy telemetry to detect CSRF-relevant signals. Custom rules can look for: ![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/csrf-cross-site-request-forgery/code-snippet-sql.png) In mature detection pipelines, session behavior modeling --- which builds baselines for each user's navigation and interaction cadence --- can raise precision. CSRF rarely occurs in isolation, so even weak signals gain strength when combined. CSRF is the fraudster wearing your badge and entering through the front door. The systems accept the request because the credentials check out. Only by analyzing the context --- not just the content --- can defenders expose when intent has been subverted. The strongest signal of CSRF is not a signature. It's a behavioral gap between authentication and legitimate intent. ## Defending Against Cross-Site Request Forgery The fundamental weakness CSRF exploits is implicit trust --- applications that assume any authenticated request is a legitimate one. Preventing CSRF means forcing the application to verify that the request was initiated with genuine user intent. That verification cannot rely solely on sessions or cookies. It must incorporate defenses that validate where the request originated and whether the user knowingly triggered it. No single control is sufficient. Defense-in-depth is required, especially for applications with browser-accessible state-changing endpoints. ### Technical Controls Developers Must Implement **Use anti-CSRF tokens on all state-changing requests.** Embed a cryptographically secure, per-session or per-request token in each form or AJAX call. On receipt, the server must verify that the token matches the expected value for the session and action. * Synchronizer tokens (stored server-side) provide the strongest guarantee * Double-submit cookies (token stored in both cookie and request body/header) are suitable for stateless APIs with secure transport * Token should be unique per user, tied to session state, and rotated on login **Enforce SameSite cookie attributes.** Set authentication cookies with SameSite=Lax or SameSite=Strict. This instructs the browser not to send cookies on cross-site requests, which breaks the core mechanic of most CSRF attacks. * Strict blocks all cross-site use, including some legitimate flows * Lax allows safe navigation while still protecting most forms of CSRF * None should only be used when absolutely necessary, and must be paired with Secure **Reject requests without valid Origin or Referer headers.** Origin validation provides a secondary line of defense. While headers can be absent or manipulated, requiring a trusted Origin or Referer for high-risk actions raises the bar for attackers. * Validate only for non-idempotent operations (e.g., POST, PUT, DELETE) * Maintain a trusted list of domains and enforce strict matches * Avoid relying solely on Referer due to privacy extensions or proxies that may strip it **Avoid using GET requests for state changes.** Design RESTful endpoints so that any operation that modifies data requires a POST or other non-idempotent method. Never use GET to trigger actions like deletion, updates, or financial transfers. **Isolate admin functionality on separate subdomains** Segmenting interfaces by subdomain or origin prevents CSRF attacks targeting privileged interfaces. Pair this with strict SameSite cookie rules to contain credential scope. ### Architecture and Identity Hardening **Leverage modern authentication flows over session cookies.** Move toward token-based authentication (e.g., JWT, OAuth 2.0) wherever possible. Tokens sent explicitly in headers (not stored in cookies) are not automatically included in cross-origin requests, making them inherently resistant to CSRF. **Apply multi-factor authentication to critical actions.** Require step-up authentication not just at login, but when executing high-risk operations --- such as modifying permissions, deleting data, or initiating financial transactions. **Implement rate limiting and anomaly detection.** Apply behavioral thresholds to sensitive endpoints. If a user initiates an action that breaks their normal usage pattern, pause and require reauthentication or additional verification. ### Operational Measures and Training **Educate developers on CSRF as a design flaw.** Security training should emphasize designing for intent verification, not just implementing tokens as a checkbox. Teams must understand why CSRF works, where it hides, and how to dismantle it. **Include CSRF testing in [CI/CD security](https://www.paloaltonetworks.com/cyberpedia/what-is-ci-cd-security?ts=markdown) gates.** Integrate static and dynamic analysis tools that flag missing CSRF tokens, improper use of GET, or unsafe cookie attributes during the build pipeline. **Review vendor-supplied interfaces and plugins.** Third-party admin panels, cloud dashboards, and legacy extensions often lack CSRF protections or conflict with strict cookie settings. Periodic audits of these systems are critical. ### What Doesn't Work and Why **Assuming HTTPS prevents CSRF.** Transport encryption ensures confidentiality but does not affect whether the browser sends session cookies with a forged request. **Relying on CAPTCHAs to stop CSRF.** CAPTCHAs may block some automated exploits but offer little protection against CSRF where the browser is already authenticated. They cannot verify request origin or intent. **Using same-origin policy alone.** SOP restricts cross-origin JavaScript, not form submission or image-based attacks. CSRF bypasses SOP by leveraging the browser's native request behavior, not script execution. Preventing CSRF means abandoning the assumption that authenticated means authorized. Controls must verify not just who the user is, but why the request is being made. Every organization with browser-facing workflows must treat CSRF not as an edge-case relic, but as a modern vulnerability still waiting to be eliminated by deliberate, layered design. ## Responding to a CSRF Incident ### Decisive Session Control Containment begins by revoking the trust that CSRF abused --- namely, the authenticated session. If forged requests have been detected, the organization must immediately invalidate all active sessions tied to affected users or roles. Targeted session termination can prevent further misuse while preserving evidence. Web servers should rotate session tokens, expire authentication cookies, and force reauthentication across the application. If the attack vector was publicly hosted (e.g., a malicious form embedded on a compromised domain), security teams should issue firewall or DNS blocks to disrupt additional payload delivery. ### Identify and Eradicate Vulnerable Endpoints CSRF typically succeeds because one or more endpoints failed to validate request intent. Response teams must identify the full list of exposed URIs and confirm: * Whether they lack CSRF token validation * Whether they accept cross-origin requests without origin checks * Whether they process GET requests to trigger state changes Once identified, those endpoints must be taken offline, patched, or shielded behind temporary access controls. A WAF or reverse proxy can block known exploit patterns while remediation proceeds. If the application accepts third-party integrations or embedded widgets, teams should also audit external dependencies that might reintroduce the exploit path. ### Investigate and Communicate with Context A CSRF compromise may not leave a clear intrusion trail. Traditional indicators like [brute-force attempts](https://www.paloaltonetworks.com/cyberpedia/brute-force?ts=markdown) or malware signatures won't appear. Investigation should focus on: * Reviewing request logs for suspicious Referer or Origin headers * Tracing high-impact changes to accounts, roles, or configurations made via session-authenticated requests * Cross-referencing these actions with user clickstreams to detect deviations from expected behavior Where impact extends to data modification, financial transfers, or infrastructure changes, the organization must follow incident notification protocols. Communicate the nature of the attack, the scope of affected systems, and the response measures enacted. Avoid technical jargon. Focus on the mechanism --- forged authenticated requests --- and what has been done to close the path. ### Involve the Right Stakeholders and Tooling Teams that must engage include: * **[Incident Response (IR)](https://www.paloaltonetworks.com/cyberpedia/what-is-incident-response?ts=markdown)**: Lead investigation, root cause analysis, and recovery coordination * **[Application Security (AppSec)](https://www.paloaltonetworks.com/cyberpedia/application-security?ts=markdown)**: Patch vulnerable logic, deploy temporary controls, and implement long-term fixes * **[DevOps](https://www.paloaltonetworks.com/cyberpedia/what-is-devops?ts=markdown)/SRE**: Rotate credentials, redeploy affected services, and apply configuration changes * **Legal and Compliance**: Assess disclosure obligations and regulatory risk, especially where user data or financial workflows were involved * **Communications**: Manage internal and external messaging to maintain trust Supporting tools may include SIEM for correlation, WAF logs for payload tracking, and behavioral analytics to spot impacted users. ### Hardening After the Event Focus post-incident improvements on: * Retrofitting all state-changing endpoints with CSRF token enforcement and strict method handling * Reviewing SameSite cookie configurations and revising them to default-deny where possible * Implementing origin checking for administrative or high-risk actions * Deploying static analysis tools in CI pipelines to flag missing CSRF protections before code reaches production * Reassessing architectural assumptions, particularly those involving browser trust, token storage, and authentication workflows Conduct a formal post-mortem that goes beyond technical remediations. Examine process gaps, test coverage, and alerting blind spots that allowed CSRF exploitation to occur undetected. Ensure that application developers and product teams understand the systemic risk --- not just the exploit. ## CSRF as a Strategic Business Risk Cross-site request forgery does not generate headlines the way ransomware or data breaches do. Yet the business consequences can be just as severe. CSRF undermines the foundational promise that authenticated actions reflect user intent. Once that assurance collapses, the ripple effects spread across financial integrity, access control, and brand credibility. Because CSRF operates silently --- without compromising credentials or breaking through authentication --- executives often underestimate its significance. In practice, it can be used to reroute funds, alter permissions, disable protections, or embed persistent backdoors, all under the guise of legitimate session activity. That blurs accountability and exposes organizations to reputational and legal fallout. ### Where CSRF Fits in Business Risk Prioritization Security and risk leaders must evaluate CSRF not solely on likelihood, but on downstream business impact. CSRF is most dangerous when: * High-value workflows, such as billing, provisioning, or policy enforcement, are accessible via browser interfaces * Session-based authentication is used without additional verification steps * Legacy code, third-party components, or internal dashboards bypass standard security reviews * CSRF protection is assumed but unverified due to framework defaults or middleware configuration Risk scoring should factor in the visibility of the affected surface, the sensitivity of operations exposed, and the difficulty of detection post-exploitation. CSRF often evades traditional alerting and forensics, which increases recovery cost and investigation time. When applied to internal portals or cloud admin interfaces, a successful CSRF attack can create persistent access or misconfigure systems in ways that remain hidden for weeks. That elevates the threat to one with long-term consequences, not just immediate disruption. ### Legal and Regulatory Exposure Because CSRF attacks often involve unauthorized changes made under valid user sessions, they can trigger compliance failures even without a data breach. Depending on the action taken, organizations may find themselves in violation of: * [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown), for failing to prevent unauthorized processing or transfer of personal data * [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown), if patient records or access controls are modified without valid authorization * SOX, where financial reporting systems or audit logs are altered via session forgery Auditors are increasingly attuned to application-level security controls. A CSRF exploit that results in account privilege escalation or changes to financial data can lead to regulatory inquiries, reputational damage, and civil liability --- even if the actual attacker remains anonymous. ### Long-Term Consequences for Trust and Platform Integrity The most lasting impact of CSRF is the erosion of confidence. When users discover that actions they didn't authorize have been carried out in their name, trust in the platform declines --- regardless of whether credentials were stolen. That loss of confidence affects adoption, retention, and the credibility of security messaging across the organization. Internally, CSRF incidents reveal deeper concerns about engineering maturity. Systems that fail to distinguish intent from authentication often suffer from broader architectural weaknesses: implicit trust, poor isolation of privileged functions, and misplaced reliance on browser behavior. To maintain platform integrity, executives must ensure that CSRF protections are not assumed but verified. That includes routine audits of session-handling mechanisms, formal validation of anti-CSRF controls, and architectural reviews of how sensitive operations are exposed through the browser. Failure to address CSRF as a strategic threat leaves the organization vulnerable not to the most sophisticated attackers --- but to the most patient ones. Those who know that trust, once granted, is rarely rechecked. ## Key Priorities for CSRF Defense and Resilience ### Verify Intent, Not Just Authentication Authentication alone cannot guarantee a user meant to perform an action. Applications must implement mechanisms --- such as anti-CSRF tokens, origin checks, and method validation --- that require proof of deliberate interaction. Any state-changing request should fail without verified intent, regardless of session status. ### Eliminate Implicit Trust in the Browser Browsers will faithfully include session cookies in every request to a trusted domain, even when the request originates elsewhere. Security leaders must ensure session-based authentication is paired with cookie controls like SameSite attributes and architectural patterns that avoid relying on passive authentication alone. ### Audit Every State-Changing Endpoint Applications often grow faster than security reviews. Every endpoint that modifies data, changes permissions, or alters configurations must be audited to confirm it enforces CSRF protection. Don't assume frameworks or middleware are correctly configured --- verify them through testing. ### Design for Containment and Visibility Detection is difficult without behavioral context. Monitor for requests that bypass expected workflows, originate from untrusted referers, or execute without user navigation. Instrument sensitive operations with session telemetry and anomaly detection to catch forged requests in flight. ### Align CSRF Defense with Business Risk Treat CSRF as a risk to business integrity, not just as a coding oversight. The attack targets high-trust interactions, often with outsized consequences. Prioritize protection around financial transactions, identity changes, access policies, and administrative functions. Integrate CSRF resilience into secure-by-design principles and executive-level risk reporting. Preventing CSRF is not about stopping an attacker from accessing a system. It's about ensuring that every action inside your system reflects real user intent. Without that assurance, trust becomes an illusion --- and every session a potential threat surface. ## Cross-Site Request Forgery FAQs ### What is login CSRF? Login CSRF is a specialized form of cross-site request forgery in which the attacker forges a login request to a trusted application using their own credentials. If successful, the victim's browser becomes authenticated to the attacker's account. From that point on, any action the victim takes --- such as uploading files or saving configuration changes --- benefits the attacker, who retains full visibility over the linked session. Unlike traditional CSRF, this method does not execute an action on behalf of the user but binds their session to attacker-controlled credentials. ### What is double-submit cookie CSRF protection? Double-submit cookie is a CSRF mitigation strategy used when server-side session state is minimal or stateless. The server sets a token as a cookie and expects the client to echo that token in a custom request header or form field. Upon receiving the request, the server compares the two values --- if they match, the request proceeds. While effective, this method assumes that the attacker cannot read or manipulate cookies and that both values are transmitted over a secure, same-origin channel. ### What is SameSite cookie enforcement? SameSite is a browser-enforced cookie attribute that controls whether a cookie is sent with cross-site requests. When set to SameSite=Strict, the cookie is only sent with same-origin navigation. SameSite=Lax allows cookies to accompany top-level navigations such as clicking a link, but blocks them in embedded or programmatic requests. SameSite=None permits cross-site usage but requires the Secure flag. Proper SameSite enforcement is critical for preventing CSRF, as it disrupts the browser's default behavior of including cookies on all requests regardless of origin. ### What is the difference between CSRF and XSS? CSRF exploits the trust a site places in the user's browser, while [cross-site scripting (XSS)](https://www.paloaltonetworks.com/cyberpedia/xss-cross-site-scripting?ts=markdown) exploits the trust a user places in a website's content. CSRF sends unauthorized requests using valid credentials without the user's knowledge. XSS injects malicious scripts into a page viewed by other users, often to steal data or hijack sessions. Although different in mechanism, the two can be combined --- an XSS payload may inject CSRF requests, effectively chaining attacks for greater impact. ### What is a CSRF token and how does it work? A CSRF token is a unique, unpredictable value generated by the server and embedded in every state-changing form or request. When the user submits the form or triggers the action, the token is included in the request payload. The server checks whether the received token matches the expected value for the current session. If the token is missing or invalid, the request is rejected. CSRF tokens ensure that only requests originating from the legitimate user interface are accepted, preventing forged cross-site actions. Related content [Access Incident Insights Discover the latest threat actor tactics and get real-world insights and expert recommendations to safeguard your organization better.](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) [IDC 2025 MarketScape Leader for Worldwide IR Services. See why IDC MarketScape recognized us.](http://start.paloaltonetworks.com/idc-incident-response-marketscape-2025) [Prevent Email-Based Attacks Through Preparation Find out how a Unit 42 BEC Readiness Assessment can strengthen your defenses against sophisticated email threats.](https://www.paloaltonetworks.com/resources/datasheets/bec-readiness-assessment?ts=markdown) [Defend Against Cyber Attacks: Silence the SecOps Noise Learn how to simplify threats, data, devices, tools and complexity of cyber attacks with the AI-driven intelligence of XSIAM](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20CSRF%20%28Cross-Site%20Request%20Forgery%29%3F&body=Cross-site%20request%20forgery%20%28CSRF%29%20is%20a%20silent%20threat%20that%20exploits%20trusted%20sessions%20to%20trigger%20unauthorized%20actions.%20Learn%20how%20to%20detect%2C%20prevent%2C%20and%20respond.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/csrf-cross-site-request-forgery) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-a-ddos-attack?ts=markdown) What Is a DDoS Attack? [Next](https://www.paloaltonetworks.com/cyberpedia/what-is-spear-phishing?ts=markdown) What Is Spear Phishing? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language