Cross-Site Request Forgery and Server-Side Request Forgery attacks have similar names, and both take advantage of how servers process URLs. But these attacks have very different impacts. Understanding the difference between them is an important part of VAPT for web applications.