An attack that impersonates the end user by performing some sort of actions on a website when in reality they did not execute these actions

authentication process involving a username and password which prevent the hacker from logging into the user account

The malicious user leverages the one time that the victim will be logged onto both the secure and unsecure sites and then injects commands that execute when the user enters authentication details

Strong authentication - User access management

Any attack that affects the user by compromising user data

Attempts to change user password - Transferring funds from a user account - Sending private messages from a web application

Requests are forged with the intention of accessing application servers

Using URLs carrying data that can read and edit content from a website

- Theft of authentication keys - Data and file extraction from servers - Executing database alteration commands