1. XSS :
2. CSRF :
Cross-Site Request Forgery is one of the most severe computer security vulnerabilities. It can be exploited in various ways, from changing a user’s information without their knowledge to gaining full access to the user’s account. The cybercriminal tries to force or trick you into making a request that you did not intend, making use of the victim’s existing context, such as cookies. Every time you interact with a website, its server checks the cookie you send with the request so that it knows it’s you.
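The cookie check described above, shown as an added example that is not part of the original article: a small Python model of a server in which one handler trusts the session cookie alone and a second also requires a per-session token. The handler names, the `sid` cookie, the `csrf_token` field and the sample addresses are assumptions constructed for illustration.

```python
import hmac
import secrets

SESSIONS = {}                              # session id -> {"user", "csrf"}
EMAILS = {"alice": "alice@example.com"}    # constructed sample account data

def login(user):
    """Create a session plus a per-session CSRF token (synchronizer token)."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def change_email_cookie_only(cookies, form):
    """Weak handler: the session cookie alone authorizes the state change."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    EMAILS[session["user"]] = form["email"]
    return 200

def change_email_with_token(cookies, form):
    """Hardened handler: the request must also carry the session's token."""
    session = SESSIONS.get(cookies.get("sid"))
    if session is None:
        return 401
    sent = form.get("csrf_token", "")
    # Constant-time comparison; a missing or wrong token is refused.
    if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
        return 403
    EMAILS[session["user"]] = form["email"]
    return 200

def demo():
    sid = login("alice")
    cookies = {"sid": sid}   # the browser attaches this to every request to the site
    # Request triggered from another site: cookie present, token unknown.
    cross_site = {"email": "changed@other.example"}
    # Form rendered by the site itself: the token is embedded in the page.
    same_site = {"email": "alice@new.example", "csrf_token": SESSIONS[sid]["csrf"]}
    out = {"weak_cross_site": change_email_cookie_only(cookies, cross_site)}
    out["email_after_weak"] = EMAILS["alice"]
    EMAILS["alice"] = "alice@example.com"          # reset for the second run
    out["hard_cross_site"] = change_email_with_token(cookies, cross_site)
    out["email_after_hard"] = EMAILS["alice"]
    out["hard_same_site"] = change_email_with_token(cookies, same_site)
    out["email_after_same_site"] = EMAILS["alice"]
    return out

if __name__ == "__main__":
    print(demo())
```

The cookie-only handler accepts the cross-site request because the browser sent the cookie automatically; the token check refuses it because the other site has no way to read the token.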
Difference between XSS and CSRF :
| No. | XSS | CSRF |
|---|---|---|
| 1. | XSS stands for Cross-Site Scripting. | CSRF stands for Cross-Site Request Forgery. |
| 2. | The cybercriminal injects a malicious client-side script into a website. The script is added to cause some form of vulnerability to a victim. | The malicious attack is created in such a way that a user sends malicious requests to the target website without having knowledge of the attack. |
| 3. | It relies on the injection of arbitrary data that is not validated. | It depends on the functionality and features of the browser to retrieve and execute the attack bundle. |
| 5. | The site accepts the malicious code. | The malicious code is stored in third-party sites. |
| 6. | The site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks. | The site that is completely protected from XSS attack types is still vulnerable to CSRF attacks. |
| 7. | XSS is more harmful by comparison. | CSRF is less harmful by comparison. |
| 8. | Using an XSS vulnerability, the attacker can do anything he/she wants. | Using a CSRF vulnerability, the attacker can do only what the vulnerable URLs do. |