 
  • Web Security Vulnerabilities


    Cross site scripting (XSS)

    XSS happens when unfiltered data such as <script> or any other HTML is sent to the server and, when a user requests a resource, the server sends that unfiltered data on to the client, where the browser treats it as part of the page. The attacker may get private data.

    Prevention: Always sanitize data before saving it to, or retrieving it from, the server.

     

    Cross site request forgery

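    Cross-site request forgery (CSRF) is the submission of a request from a source other than the site's own pages. CSRF protection is a mechanism to identify the right source of the request.

    Example: to log in to a website, the request generally needs to pass JSON data such as: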

    {
     "username": "dinesh11",
     "password": "dineshpassword"
    }

     

    An attacker inspects the HTML source code of your form or page, replicates it, and submits the replicated form to the website.

    CSRF protection uses a token, and the server verifies that the token sent with a request is valid. The mechanism generates a unique token for every request and embeds the token in the HTML source code of your page.
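
    The token mechanism described above, in Python, as an added example that is not code from the original post. The in-memory store, the session ids, the `csrf_token` field name and the `/login` action are assumptions made for illustration.

```python
import hmac
import html
import secrets

# Assumption: tokens are kept in memory per session id; a real application
# would keep them in its own session backend.
_pending = {}  # session_id -> set of issued, not yet used tokens


def issue_token(session_id):
    """Generate a fresh, unpredictable token each time a form is rendered."""
    token = secrets.token_urlsafe(32)
    _pending.setdefault(session_id, set()).add(token)
    return token


def render_login_form(session_id):
    """Embed the token in the page's HTML source as a hidden field."""
    token = html.escape(issue_token(session_id), quote=True)
    return (
        '<form method="post" action="/login">\n'
        f'  <input type="hidden" name="csrf_token" value="{token}">\n'
        '  <input name="username">\n'
        '  <input name="password" type="password">\n'
        '</form>'
    )


def verify_token(session_id, submitted):
    """Accept a request only if it carries an unused token issued to this session."""
    if not isinstance(submitted, str) or not submitted:
        return False
    candidate = submitted.encode("utf-8", "replace")
    tokens = _pending.get(session_id, set())
    # Constant-time comparison so the check does not leak how much of a guess matched.
    match = next(
        (t for t in tokens if hmac.compare_digest(t.encode("utf-8"), candidate)),
        None,
    )
    if match is None:
        return False
    tokens.discard(match)  # single use: a replayed token is rejected
    return True
```

    A replicated form that was not rendered for the user's session carries no token the server issued to that session, so `verify_token` rejects it.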
