CSRF vulnerabilities Cross-site request forgery (CSRF) vulnerabilities are extremely common in web applications. Despite they are known since a long time ago, we are used to find them constantly in the most important vulnerabilities included in OWASP top 10 web security audits. . CSRF attacks are based on the fact that cookies associated to a particular domain are sent automatically by the browser in those requests addressed to that domain, regardless the origin. This situation means that an attacker is able to force requests containing appropriate values towards a web from an external domain (cross-site requests) despite of unknowing the value of any user’s cookies on that particular web. In case the application does not count on the corresponding protection measures, ...