
What is the difference between CSRF and XSS?

How does a CSRF token prevent XSS attacks?

  • Assuming that the server properly validates the CSRF token, and rejects requests without a valid token, then the token does prevent exploitation of the XSS vulnerability. The clue here is in the name: "cross-site scripting", at least in its reflected form, involves a cross-site request.
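The check the answer above relies on ("the server properly validates the CSRF token, and rejects requests without a valid token"), as an added example that is not from the original post or any of the sources quoted on this page. It issues a per-session token as an HMAC over the session id with a server-side secret, verifies it in constant time, and shows why a forged cross-site request fails: the victim's browser attaches the session cookie automatically, but the attacker's page never gets to read the token embedded in the legitimate page. The function names, the dict-shaped request and the sample requests are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Server-side secret, generated at startup (constructed for the example; a real
# deployment loads it from configuration so tokens survive restarts).
SECRET_KEY = secrets.token_bytes(32)


def issue_token(session_id: str) -> str:
    """Derive the CSRF token for a session: HMAC-SHA256(secret, session_id).

    Binding the token to the session means a token lifted from one session
    is useless for another, and the server needs no extra storage."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def validate_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the expected token and compare in constant time."""
    if not token:
        return False
    return hmac.compare_digest(issue_token(session_id), token)


def handle_transfer(request: dict) -> Tuple[int, str]:
    """Handler for a state-changing POST.

    `request` is a constructed stand-in for a framework request object:
    {"cookies": {...}, "form": {...}}. Order of checks: the session cookie
    identifies the user, then the token in the POST body must match it."""
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401, "no session"
    if not validate_token(session_id, request["form"].get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    amount = request["form"].get("amount", "0")
    return 200, f"transferred {amount}"


# --- constructed sample requests -------------------------------------------

VICTIM_SESSION = "sess-123"  # constructed session id


def legitimate_request() -> dict:
    """Same-site form submit: the page the victim loaded carried the token."""
    return {
        "cookies": {"session": VICTIM_SESSION},
        "form": {"amount": "100", "csrf_token": issue_token(VICTIM_SESSION)},
    }


def forged_request() -> dict:
    """Cross-site auto-submitted form: the browser attaches the cookie, but
    the attacker's page could not read the token, so the field is absent."""
    return {
        "cookies": {"session": VICTIM_SESSION},
        "form": {"amount": "100"},
    }


def forged_request_with_guessed_token() -> dict:
    """Same forgery, but with a made-up token value filled in."""
    return {
        "cookies": {"session": VICTIM_SESSION},
        "form": {"amount": "100", "csrf_token": "deadbeef"},
    }


if __name__ == "__main__":
    for name, req in [
        ("legitimate", legitimate_request()),
        ("forged, no token", forged_request()),
        ("forged, guessed token", forged_request_with_guessed_token()),
    ]:
        status, msg = handle_transfer(req)
        print(f"{name:24s} -> {status} {msg}")
```

The `compare_digest` call matters: a plain `==` on the hex strings would leak, through timing, how many leading characters of a guessed token were right. Note also that this check only distinguishes same-site from cross-site submissions; if an attacker already has script running in the site's origin (a stored XSS), that script can read the token from the page and the CSRF defence no longer helps, which is why the two vulnerabilities are treated separately.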

What is cross-site scripting and cross-site request forgery (CSRF)?

  • This article will address the second most prevalent kind of attacks and a sleeping giant: Cross-Site Scripting (XSS) and Cross-site Request Forgery (CSRF). While XSS by itself can be quite malicious, the combination of the two in an attack scenario can wreak havoc for any unsuspecting user, application, and organization.

What is CSRF and how does it work?

  • According to the Web Application Security Consortium, CSRF “is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim.”
