You can protect your web application against CSRF attacks by generating for each user connecting to the site a random token, and requiring that token to be sent along every request. Software packages, such as Spring Security or OWASP CSRFGuard, can make it easier for you to do this in your own web application.
Orbeon Forms does everything required to prevent CSRF attacks, out-of-the-box, so this is one less thing you'll need to worry about.