

Question

Which of the following web application attacks involves tricking a user into executing unwanted actions on a web application where they are authenticated?

A. Cross-Site Scripting (XSS)
B. SQL Injection
C. Cross-Site Request Forgery (CSRF)
D. Brute Force Attack
E. Denial-of-Service (DoS)

Correct answer: C

      Solution

Cross-Site Request Forgery (CSRF) is a type of attack in which an attacker tricks a victim into executing unwanted actions on a web application where they are currently authenticated. The attack leverages the victim's active session, forcing them to perform actions such as submitting a form, changing account details, or initiating transactions without their knowledge or consent.

CSRF attacks are dangerous because they exploit the trust that a web application has in a user's browser. For instance, if a user is logged into their banking website, an attacker can craft a malicious request that, when executed, performs actions as the logged-in user. The web application executes the request because it appears to come from the authenticated user: the browser attaches the session cookie automatically, so the server cannot tell a forged request from a genuine one unless it checks for something the attacker's page cannot supply.

Why the other options are wrong:

A) Cross-Site Scripting (XSS): XSS is a vulnerability that allows an attacker to inject malicious scripts into a web application. Unlike CSRF, it targets other users of the application rather than exploiting the authenticated user's own actions.

B) SQL Injection: SQL Injection is a technique where malicious SQL code is inserted into a query to manipulate a database; it is unrelated to tricking an authenticated user into performing unintended actions.

D) Brute Force Attack: A brute force attack tries to guess user credentials through repeated attempts. It does not involve tricking users into executing unintended actions.

E) Denial-of-Service (DoS): DoS attacks aim to disrupt service availability by overwhelming the system with traffic, not by exploiting user sessions.
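The following is an added illustration, not part of the original question or solution. It models the situation described above in plain Python with no web framework: a state-changing "transfer" endpoint that trusts the session cookie alone (the CSRF-vulnerable shape), beside a hardened version that also requires a per-session synchronizer token and rejects foreign `Origin` headers. The application name, the `Request` class, the in-memory `SESSIONS` store and the sample requests are all constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store (session id -> session data) and an assumed site origin.
SESSIONS = {}
SITE_ORIGIN = "https://bank.example"


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP POST: cookies, form fields and headers."""
    cookies: dict
    form: dict
    headers: dict = field(default_factory=dict)


def login(user):
    """Create a session and bind a fresh, unguessable CSRF token to it (synchronizer token pattern)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32), "balance": 100}
    return sid


def transfer_vulnerable(req):
    """Vulnerable shape: the only check is a valid session cookie.
    Browsers attach cookies to cross-site form posts automatically, so a forged
    request carrying the victim's cookie is indistinguishable from a genuine one."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401, "not authenticated"
    amount = int(req.form["amount"])
    session["balance"] -= amount
    return 200, f"sent {amount} to {req.form['to']}"


def transfer_protected(req):
    """Hardened shape: the request must prove it came from a page the application served."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return 401, "not authenticated"
    # Check 1: browsers set Origin on cross-site POSTs and a web page cannot override it.
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403, "cross-site origin rejected"
    # Check 2: the token lives in the page the user loaded; a third-party page cannot read it.
    submitted = req.form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "missing or invalid CSRF token"
    amount = int(req.form["amount"])
    session["balance"] -= amount
    return 200, f"sent {amount} to {req.form['to']}"


def run_scenario():
    """Replay one legitimate and one forged request against both handlers; return the status codes."""
    sid = login("alice")
    token = SESSIONS[sid]["csrf_token"]
    # Constructed genuine request: submitted from the bank's own page, token included.
    legit = Request(cookies={"sid": sid},
                    form={"to": "bob", "amount": "10", "csrf_token": token},
                    headers={"Origin": SITE_ORIGIN})
    # Constructed forged request: cookie auto-attached by the browser, no token, foreign Origin.
    forged = Request(cookies={"sid": sid},
                     form={"to": "mallory", "amount": "50"},
                     headers={"Origin": "https://attacker.example"})
    # Same forgery from a client that sends no Origin header at all: the token check still applies.
    forged_no_origin = Request(cookies={"sid": sid}, form={"to": "mallory", "amount": "50"})
    return {
        "vulnerable_legit": transfer_vulnerable(legit)[0],
        "vulnerable_forged": transfer_vulnerable(forged)[0],
        "protected_legit": transfer_protected(legit)[0],
        "protected_forged": transfer_protected(forged)[0],
        "protected_forged_no_origin": transfer_protected(forged_no_origin)[0],
        "balance": SESSIONS[sid]["balance"],
    }


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Running it shows the vulnerable handler accepting both the genuine and the forged transfer (balance drops by 60 before the protected handler is reached), while the protected handler accepts only the request that carries the session's token from a same-origin page. In a real deployment the token check is usually combined with `SameSite` cookie attributes and framework middleware rather than written by hand, but the property being checked is the same: the server demands evidence that the browser did not merely replay its cookie.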
