CSRF is not XSS!!!


	CSRF is not XSS!!! September 5th, 2007 by Corey Post moved here: http://intrepidusgroup.com/insight/2007/09/csrf-is-not-xss/
	This entry was posted on Wednesday, September 5th, 2007 at 4:36 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed. 582 ResponsesCSRF+is+not+XSS%21%21%212007-09-05+21%3A36%3A15Corey to “CSRF is not XSS!!!” PhishMe » Myth Buster I: Input Validation is a Panacea says: October 29, 2007 at 10:14 am [...] Benninger explained the difference between the often confused XSS and XSRF in a previous blog post. The root cause of XSRF is the predicability of key HTTP requests that result in transactions with [...] PhishMe » Myth Buster II: We’ve Never Been Hacked says: October 31, 2007 at 4:16 pm [...] about Session Riding attacks? In these cases, we have a legitimately logged in user, coming from their normal IP address [...]

Blogroll