Web Developer's Repository

Archive from 2013-2018; content may be outdated.

Security

XSRF - Cross-site request forgery

Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser. - https://en.wikipedia.org/wiki/Cross-site_request_forgery

XSS - Cross-site scripting

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. - https://en.wikipedia.org/wiki/Cross-site_scripting