Comments on: CSRF is not XSS!!! http://blog.phishme.com/2007/09/csrf-is-not-xss/ Posts about innovative phishing ploys, social engineering techniques, and the latest hacks. PhishMe is your one stop blog for the latest in anti-phishing and security news. Sat, 04 Feb 2012 10:16:28 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: PhishMe » Myth Buster II: We’ve Never Been Hacked http://blog.phishme.com/2007/09/csrf-is-not-xss/comment-page-1/#comment-60 PhishMe » Myth Buster II: We’ve Never Been Hacked Wed, 31 Oct 2007 21:16:07 +0000 http://blog.phishme.com/2007/09/csrf-is-not-xss/#comment-60 [...] about Session Riding attacks? In these cases, we have a legitimately logged in user, coming from their normal IP address [...] [...] about Session Riding attacks? In these cases, we have a legitimately logged in user, coming from their normal IP address [...]

]]> By: PhishMe » Myth Buster I: Input Validation is a Panacea http://blog.phishme.com/2007/09/csrf-is-not-xss/comment-page-1/#comment-59 PhishMe » Myth Buster I: Input Validation is a Panacea Mon, 29 Oct 2007 15:14:44 +0000 http://blog.phishme.com/2007/09/csrf-is-not-xss/#comment-59 [...] Benninger explained the difference between the often confused XSS and XSRF in a previous blog post. The root cause of XSRF is the predicability of key HTTP requests that result in transactions with [...] [...] Benninger explained the difference between the often confused XSS and XSRF in a previous blog post. The root cause of XSRF is the predicability of key HTTP requests that result in transactions with [...]

]]>