CSRF attacks exploit the trust that a website has in a client such as a web browser. These attacks rely on the website trusting that a request from a client reflects the intention of the person using that client. An attacker will try to trick the web browser into issuing a request to the server, and the server will assume that the request is valid because it trusts the client. At its simplest, a CSRF attack could involve creating a malicious form on a webpage that causes the client to send a POST request to a URL.

As an example, imagine that a user called Alice is logged into Facebook in one tab and is browsing the internet in another tab. A filthy pirate, Bob, creates a malicious form in a webpage that submits a POST request to Facebook that sends a person to a link of Rick Astley dancing. Alice arrives on the page Bob made and JavaScript submits the form to Facebook. Facebook trusts Alice's web browser and there is a valid session for he...
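
The following added example (not from the original post) models the server side of this scenario in Python: a handler that trusts the session cookie alone accepts the forged request, while one that also checks the Origin header and a per-session token refuses it. The origins, handler names and token scheme are assumptions made for illustration.

```python
import hmac
import secrets

SITE_ORIGIN = "https://social.example"   # assumed origin of the trusted site
SESSIONS = {}                            # session id -> {"user", "csrf"}

def login(user):
    """Start a session; the CSRF token is only ever embedded in the site's own forms."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_hex(16)}
    return sid

def post_trusting(cookies, form):
    """The behaviour the article describes: a valid session cookie is enough."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "no session"
    return 200, f"{session['user']} shared {form['link']}"

def post_checked(cookies, headers, form):
    """Same action, but the request must also prove it came from the site's own page."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "no session"
    # Browsers set Origin on cross-site POSTs; strict here, a missing Origin is refused too.
    if headers.get("Origin") != SITE_ORIGIN:
        return 403, "foreign origin"
    # A page on another origin cannot read the token out of the site's HTML.
    if not hmac.compare_digest(form.get("csrf_token", ""), session["csrf"]):
        return 403, "bad token"
    return 200, f"{session['user']} shared {form['link']}"

def demo():
    sid = login("alice")
    cookies = {"session": sid}           # the browser attaches this to every request to the site
    link = "https://video.example/rick"  # constructed sample value
    # Request produced by the third-party page: cookie present, foreign Origin, no token.
    forged_headers, forged_form = {"Origin": "https://pirate.example"}, {"link": link}
    # Request produced by the site's own form: same cookie, own Origin, token included.
    own_headers = {"Origin": SITE_ORIGIN}
    own_form = {"link": link, "csrf_token": SESSIONS[sid]["csrf"]}
    return {
        "trusting_forged": post_trusting(cookies, forged_form),
        "checked_forged": post_checked(cookies, forged_headers, forged_form),
        "checked_own": post_checked(cookies, own_headers, own_form),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The cookie is identical in all three requests, so the session alone cannot tell the forged request from the genuine one; only the Origin header and the token differ.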