March 13, 2007
Dangers of CSRF and XSS
Guest writes "Of all the vulnerabilities affecting web applications, especially those written in PHP, Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) are by far the most prevalent. In many instances, developers downplay the severity of these threats and fail to take preventative action. In this article, we will show you how CSRF and XSS work and how to defend against them. To dispel the myths about these attacks, I will assume the role of a hacker and show how the supposedly harmless injection of tiny bits of HTML can perform amazing things, from stealing the user's identity to a completely transparent rewrite of site content."