An attack which can occur when a malicious website, email, blog, instant message (IM) or program causes a user’s web browser to perform unwanted action on a trusted website. CSRF allows an attacker to access functionality in a target web application via the victim’s already authenticated browser.