Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Web Security Vulnerabilities

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 272
    Comment on it

    Cross site scripting (XSS)

    XSS is sending unfiltered data such as <script> or any other HTML data to the server, when the user needs any resource, the server sends unfiltered data to the client. The attacker may get private data.

    Prevention: Always sanitize the data before saving/retrieving data from/to server.

     

    Cross site request forgery

    CSRF is a mechanism to identify the right source of the request.

    Ex- The general request json data for login to a website, you need to pass:

    {
    
     "username": "dinesh11",
    
     "password": "dineshpassword"
    
    }
    
    

     

    An attacker checks the html source code of you form or html page and replicates, submits the form by actually visiting the website.

    CSRF has a token which actually verifies the token is valid. CSRF is a mechanism that generate a unique token for every request and embeds the token on you html source code of the page.

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: