Question

    Which of the following attacks can occur when a user is

    tricked into performing unintended actions on a trusted website without their knowledge?
    A SQL Injection Correct Answer Incorrect Answer
    B Cross-Site Request Forgery (CSRF) Correct Answer Incorrect Answer
    C Distributed Denial-of-Service (DDoS) Correct Answer Incorrect Answer
    D Credential Stuffing Correct Answer Incorrect Answer
    E Buffer Overflow Correct Answer Incorrect Answer

    Solution

    CSRF is an attack where an authenticated user is tricked into performing actions on a website without their consent. The attacker typically sends a malicious link or embeds it in a third-party site, and when the user clicks it, their browser unknowingly sends authenticated requests to the targeted application. This can result in unauthorized transactions, account modifications, or data theft. CSRF exploits the trust that the application places in the user's browser, relying on the lack of proper anti-CSRF measures like tokens. For example, a user logged into their bank account could unknowingly approve a transfer initiated by an attacker. Why Other Options Are Incorrect :

    1. SQL Injection : This involves injecting malicious queries into databases, unrelated to user actions.
    2. Distributed Denial-of-Service (DDoS) : This overwhelms servers, making websites unavailable, but doesn’t involve tricking users.
    3. Credential Stuffing : This uses leaked credentials to gain unauthorized access, unrelated to unintended user actions.
    4. Buffer Overflow : This exploits memory allocation vulnerabilities, not user behavior.

    Practice Next