CSRF stands for cross-site request forgery. It’s also known as session riding or XSRF. CSRF takes advantage of the inherent statelessness of the web to simulate user actions on one website (the target site) from another website (the attacking site). Typically, CSRF will be used to perform actions of the attacker’s choosing using the victim’s authenticated session. If a victim has logged into the target site, an attacker can coerce the victim’s browser to perform actions on the target website.