Chapter 6. Exploiting Clients Using XSS and CSRF Flaws

In this era of Web 2.0, more organizations are developing rich online applications. These applications are designed for e-commerce business, banking transactions, stock trading, storing medical records, and more. To provide rich user experience, the application interacts with the user and also stores the sensitive personal information of those using the application. From a security perspective, the developers of these applications need to take necessary measures to secure the application and maintain the integrity of the sensitive data.

The major concern when an application relies on user input is that it cannot trust the end user to provide non-malicious data. The user may use a script in ...

Get Penetration Testing: A Survival Guide now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.