© The Author(s), under exclusive license to APress Media, LLC, part of Springer Nature 2022
M. Baker, Secure Web Application Development, https://doi.org/10.1007/978-1-4842-8596-1_8

8. Cross-Site Requests

Matthew Baker (Kaisten, Aargau, Switzerland)

This chapter is about the threats that occur when your site accesses other sites and when your site is accessed from another site. We saw one example in the last chapter, in the exercise “Exploiting a Stored XSS Vulnerability.” Here, you as the attacker were able to exploit a vulnerability and upload malicious JavaScript that sent victims’ cookies to your site.

We will look at three features web browsers offer to protect against cross-site attacks and to safely allow cross-site requests to legitimate ...
