Exploiting Trust
Exploiting Trust
- Although they both share a commonality of exploiting trust, XSS and CSRF are in fact (inversely) different
attacks in who's trust they exploit.
- Cross-site scripting (XSS)
- Attacker injecting actions (code) on server to run on client
- exploits clients trust of server
- Cross Site Request Forgeries (CSRF)
- Attacker injecting actions (request) on client to run on server
- exploits servers trust of client
![[insert cool pic of XSS]](images/xss.png)
![[insert cool pic of CSRF]](images/csrf.png)