
Learning notes: an introduction to CSRF

2025-01-19 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

What is CSRF?

CSRF (cross-site request forgery), also known as a "one-click attack" or "session riding" and usually abbreviated to CSRF or XSRF, is a malicious exploitation of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS, and the attack method is almost entirely different. XSS takes advantage of trusted users within the site, while CSRF takes advantage of trusted sites by forging requests that appear to come from trusted users. Compared with XSS attacks, CSRF attacks are often less popular (so there are few resources to prevent them) and difficult to prevent, so CSRF is considered to be more dangerous than XSS.

Similarities and differences between XSS and CSRF

CSRF and XSS are somewhat similar in their means of attack: both execute malicious code on the client side. Some articles hold that the difference between CSRF and XSS is that CSRF does not focus on obtaining the user's Cookie. The author thinks that another difference may be that CSRF can not only launch attacks at the origin server, but also guide users to visit other dangerous websites at the same time.

XSS as a whole is a cross-site scripting attack: attackers insert malicious JavaScript into a Web page, and when an ordinary user visits, the malicious script executes automatically and steals the user's Cookie and other information. The main defenses against XSS are input checking and output checking. Input checking means, for example, checking the text box content entered by the user for special characters. Output checking refers to filtering or encoding/decoding content output to a web page, such as using HTML encoding to
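
The input check and output check described above, as an added example that is not part of the original notes. The function names, the nickname policy and the comment markup are assumptions made for illustration.

```javascript
// Added example: input check plus output encoding for a comment form.
// The nickname rule and the markup are assumed, not taken from the article.

// Input check: accept only what the field is meant to hold.
// Assumed policy: letters, digits, underscore, hyphen; 1 to 20 characters.
function checkNickname(input) {
  return typeof input === "string" && /^[A-Za-z0-9_-]{1,20}$/.test(input);
}

// Output check: encode the HTML-significant characters so user-supplied
// text is rendered as text and never parsed as markup. This is correct for
// element content and quoted attribute values; it is not sufficient inside
// <script> blocks, event handlers or URLs, which need their own encoders.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function encodeHtml(text) {
  // Single pass over the input, so "&" produced by an entity is not re-encoded.
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// The nickname has a narrow format, so it is rejected on input.
// The comment body is free text, so it relies on output encoding.
function renderComment(nickname, body) {
  if (!checkNickname(nickname)) {
    throw new Error("nickname rejected by input check");
  }
  return `<div class="comment"><b>${encodeHtml(nickname)}</b>: ${encodeHtml(body)}</div>`;
}

// Constructed sample input: a stored script tag becomes inert text.
console.log(renderComment("alice", "<script>alert(1)</script>"));
```

These checks address XSS only: a forged cross-site request carries no markup to filter or encode, which is one reason the two problems need separate defenses.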
