1. XSS :
2. CSRF :
Cross Site Request Forgery is one of the most severe computer security vulnerabilities that can be exploited in various ways from changing user’s information without his knowledge to gaining full access to user’s account. The cybercriminal tries to force/trick you into making a request which you did not intend, making use of the existing victim’s context, such as cookies. Every single time you interact with website, its server checks the cookie you send with the request so it knows it’s you.
Difference between XSS and CSRF :
|1.||XSS stands for Cross-Site Scripting.||CSRF stands for Cross-Site Request Forgery.|
|2.||The cybercriminal injects a malicious client side script in a website. The script is added to cause some form of vulnerability to a victim.||The malicious attack is created in such a way that a user sends malicious requests to the target website without having knowledge of the attack.|
|3.||In this, injection of arbitrary data by data that is not validated.||It depends on the functionality and features of the browser to retrieve and execute the attack bundle.|
|5.||The site accepts the malicious code.||The malicious code is stored in third party sites.|
|6.||The site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks.||The site that is completely protected from XSS attack types is still vulnerable to CSRF attacks.|
|7.||XSS is more harmful as compared.||CSRF is less harmful as compared.|
|8.||Using XSS vulnerability the attacker can do anything he/she wants.||Using CSRF vulnerability the attacker can do only what the vulnerable urls do.|
Attention reader! Don’t stop learning now. Get hold of all the important CS Theory concepts for SDE interviews with the CS Theory Course at a student-friendly price and become industry ready.