📚 Topic Summary
Cross-Site Request Forgery (CSRF) is a type of cyber attack where a malicious website, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. Think of it like someone forging your signature to make purchases without your knowledge. A CSRF token is a unique, secret, unpredictable value that a web application generates and verifies for each user session. It's used to prevent CSRF attacks by ensuring that the request comes from the actual user and not a malicious source.
In this unplugged activity, we'll explore how CSRF tokens work in a simple, hands-on way, without needing any computers or coding. This is all about understanding the core principles of web security and how we can protect ourselves online.
🔑 Part A: Vocabulary
Match the term with its definition:
| Term |
Definition |
| 1. CSRF |
A. A secret value used to prevent unauthorized requests. |
| 2. Token |
B. A type of attack where a malicious site causes unwanted actions on a trusted site. |
| 3. Session |
C. Proving you are who you say you are. |
| 4. Authentication |
D. A period of interaction between a user and a website or application. |
| 5. Origin |
E. The domain from which a request comes. |
Answer Key: 1-B, 2-A, 3-D, 4-C, 5-E
✍️ Part B: Fill in the Blanks
Fill in the blanks using the following words: Forgery, Unpredictable, User, Malicious, Token.
Cross-Site Request _________ (CSRF) is a type of attack where a _________ website tricks a _________'s browser into performing unwanted actions. A CSRF _________ is a secret and _________ value that protects against these attacks by verifying that the request comes from the actual user.
Answer Key: Forgery, Malicious, User, Token, Unpredictable
🤔 Part C: Critical Thinking
Imagine you are designing a website for a bank. Explain in your own words how you would use a CSRF token to protect your users from unauthorized transactions. What makes a good CSRF token and how does it help?