Cross-site request forgery (CSRF) is one of the most commonly misunderstood web application vulnerabilities. Nonetheless, failure to properly identify such vulnerabilities can pose a serious risk to a web application and its users. In this recipe, we will discuss how to test for CSRF vulnerabilities in both GET and POST method parameters.