Open In App

Difference between XSS and CSRF

Last Updated : 15 Dec, 2021
Improve
Improve
Like Article
Like
Save
Share
Report

1. XSS :
XSS is a computer security vulnerability found in web applications that enables cybercriminal to inject client-side scripts into web pages viewed by the users. The cybercriminal makes the victim’s browser execute a script (mostly written in JavaScript) that has injected by the attacker when visits a trusted website. The cybercriminal has several ways of injecting the JavaScript into a web site that the victim trusts. It does not need an authenticated session and can be exploited when the vulnerable website doesn’t do the basics of validating or escaping input.

2. CSRF :
Cross Site Request Forgery is one of the most severe computer security vulnerabilities that can be exploited in various ways from changing user’s information without his knowledge to gaining full access to user’s account. The cybercriminal tries to force/trick you into making a request which you did not intend, making use of the existing victim’s context, such as cookies. Every single time you interact with website, its server checks the cookie you send with the request so it knows it’s you.



Difference between XSS and CSRF :

S.No. XSS CSRF
1. XSS stands for Cross-Site Scripting. CSRF stands for Cross-Site Request Forgery.
2. The cybercriminal injects a malicious client side script in a website. The script is added to cause some form of vulnerability to a victim. The malicious attack is created in such a way that a user sends malicious requests to the target website without having knowledge of the attack.
3. In this, injection of arbitrary data by data that is not validated. It depends on the functionality and features of the browser to retrieve and execute the attack bundle.
4. JavaScript is required to perform this attack. JavaScript is not required to perform this attack.
5. The site accepts the malicious code. The malicious code is stored in third party sites.
6. The site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks. The site that is completely protected from XSS attack types is still vulnerable to CSRF attacks.
7. XSS is more harmful as compared. CSRF is less harmful as compared.
8. Using XSS vulnerability the attacker can do anything he/she wants. Using CSRF vulnerability the attacker can do only what the vulnerable urls do.​


Like Article
Suggest improvement
Previous
Difference between Checksum and CRC
Next
Difference between UDP and RTP
Share your thoughts in the comments

Similar Reads

How to Reduce Risk of Exposure to CSRF, XSRF, or XSS Attacks?
Difference Between XSS and SQL Injection
What is SameSite Cookies and CSRF Protection?
What is Cross Site Request Forgery (CSRF)
Difference between Difference Engine and Analytical Engine
Difference between Voltage Drop and Potential Difference
Difference Between Electric Potential and Potential Difference
Difference and Similarities between PHP and C
Difference between Stop and Wait protocol and Sliding Window protocol
Similarities and Difference between Java and C++

A
adware
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox