Question
Which of the following correctly describes the primary difference between Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)?
Solution
Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) are both web security vulnerabilities, but they operate in distinct ways:
- CSRF tricks authenticated users into performing unintended actions on behalf of an attacker by exploiting trust in the user's session. For example, if a logged-in user clicks on a malicious link, the attacker could execute unwanted actions (e.g., fund transfers). CSRF exploits flaws in how web applications handle session tokens or cookies.
- XSS, on the other hand, involves injecting malicious scripts into a web application to execute in the victim’s browser. It primarily targets input validation and output encoding flaws to display or execute harmful code in the user's context.
- Option A: Both CSRF and XSS target the user’s browser, but XSS also indirectly impacts the application.
- Option C: CSRF does not rely on executing JavaScript; it typically involves sending crafted HTTP requests.
- Option D: CSRF does not inherently depend on phishing; it can occur through any malicious link, such as in a forum or ad.
- Option E: CSRF and XSS are protocol-agnostic and can occur over both HTTP and HTTPS.