Beware Of Cross-Site Request Forgery Errors
Cross-site request forgery (CSRF) accounted for 22 percent of all Web applications tested by Cenzic in 2012. The class of vulnerabilities that make up CSRF allows attackers to send pre-authenticated but unauthorized commands using credentials that the application trusts, according to Cenzic. Attackers can use a CSRF attack to "ride" the session of an individual on a particular website by using the victim's browser credentials. Beyond the browser, an attacker can also exploit CSRF through a malicious script embedded in a Microsoft Office document or Flash file.
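The server-side check that stops a request from "riding" a session is sketched below. This is an added example, not code from Cenzic or the original article. It binds an anti-CSRF token to the session and rejects state-changing requests that carry only the cookie. The request dictionaries, session ids and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # per-deployment secret, generated here for the demo
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumed never to change state


def issue_csrf_token(session_id):
    """Token the application embeds in its own forms, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def authorize(request, sessions):
    """Return (allowed, reason) for a cookie-authenticated request."""
    session_id = request.get("cookies", {}).get("session")
    if session_id not in sessions:
        return False, "not authenticated"
    if request["method"] in SAFE_METHODS:
        return True, "safe method"
    # The browser attaches the session cookie to any request for this site,
    # so the cookie alone does not show that the user intended the action.
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def demo():
    """Run three constructed requests through the check."""
    sessions = {"sess-alice": "alice", "sess-bob": "bob"}
    cookie = {"session": "sess-alice"}
    genuine = {"method": "POST", "cookies": cookie,
               "form": {"to": "carol", "amount": "10",
                        "csrf_token": issue_csrf_token("sess-alice")}}
    # Same cookie, but the form did not come from the application's page.
    no_token = {"method": "POST", "cookies": cookie,
                "form": {"to": "mallory", "amount": "10"}}
    # A token issued for a different session must not be accepted either.
    wrong_session = {"method": "POST", "cookies": cookie,
                     "form": {"to": "mallory", "amount": "10",
                              "csrf_token": issue_csrf_token("sess-bob")}}
    return [authorize(r, sessions) for r in (genuine, no_token, wrong_session)]


if __name__ == "__main__":
    for allowed, reason in demo():
        print(allowed, reason)
```

Only the first request is accepted. The other two carry a valid session cookie but are refused because the token is absent or was issued for another session.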