Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery (SSRF)
CSRF attacks occur when unauthorised commands are transmitted from a user whom the application trusts. These attacks mostly affect apps or websites that rely on a user's identity. An attacker can trick a user's browser into sending HTTP requests to a target website. For example, a user authenticated by the application via a cookie could unknowingly send an HTTP request to a site that trusts the user, triggering an unwanted action.
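The cookie-only trust decision described above, next to a hardened check, as an added example that is not from the original page. It goes beyond the text by showing a common mitigation (a per-session token plus an Origin check); the session store, origin, field names and request layout are all constructed assumptions.

```python
import hmac
import secrets

# Constructed server-side state: session id -> user and per-session CSRF token.
SESSIONS = {"sess-abc": {"user": "alice", "csrf": secrets.token_urlsafe(32)}}
TRUSTED_ORIGIN = "https://app.example"  # assumed origin of the application


def cookie_only_check(request):
    """Vulnerable: the session cookie alone authorises the state change."""
    return request["cookies"].get("session") in SESSIONS


def csrf_protected_check(request):
    """Hardened: cookie plus proof that the request came from our own pages."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return False
    # Browsers attach Origin to cross-site POSTs; reject a foreign one outright.
    origin = request["headers"].get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return False
    # The token is embedded in our own form, not stored in a cookie, so the
    # browser does not attach it automatically to a request built elsewhere.
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(supplied.encode(), session["csrf"].encode())


def build_request(origin, token=None):
    """Constructed POST; the browser attaches the session cookie either way."""
    form = {"action": "change_email", "email": "new@mail.example"}
    if token is not None:
        form["csrf_token"] = token
    headers = {"Origin": origin} if origin else {}
    return {"cookies": {"session": "sess-abc"}, "headers": headers, "form": form}


if __name__ == "__main__":
    forged = build_request("https://other.example")
    genuine = build_request(TRUSTED_ORIGIN, SESSIONS["sess-abc"]["csrf"])
    print("cookie-only accepts forged request:", cookie_only_check(forged))
    print("hardened accepts forged request:  ", csrf_protected_check(forged))
    print("hardened accepts genuine request: ", csrf_protected_check(genuine))
```

Setting `SameSite` on the session cookie is a complementary control that stops the browser from attaching the cookie to most cross-site requests in the first place.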