CHAPTER 6: Browser Security Principles: Cross-Site Scripting and Cross-Site Request Forgery

We’ll Cover

- Cross-site scripting
- Cross-site request forgery

Sometimes the most effective way that an attacker can compromise your application is not to attack the server directly, but instead to attack your users through their web browsers. Browsers have the inherent defense of the same-origin policy to prevent attacks like this, but vulnerabilities present in your code can allow attackers to circumvent that defense. Now that we have a good understanding of ...

Get Web Application Security, A Beginner's Guide now with the O’Reilly learning platform.
