What is the Difference Between XSS and CSRF


The main difference between XSS and CSRF is that in XSS, the malicious code is inserted into the website itself, while in CSRF, the malicious code is stored on a third-party site.

There are thousands of websites available on the World Wide Web (WWW). Most organizations maintain a website to inform customers about their products and services. Moreover, customers can perform online transactions and send inquiries via the website. Various attacks can be carried out against a website, and they can disrupt its functioning. Two common threats are XSS and CSRF.

Key Areas Covered

1. What is XSS
– Definition, Functionality
2. What is CSRF
– Definition, Functionality
3. Difference Between XSS and CSRF
– Comparison of Key Differences

Key Terms

Client-Side Scripting, Cookies, CSRF, Malicious Codes, XSS


What is XSS

XSS stands for Cross-Site Scripting. In an XSS attack, code is injected into a website, and that code is then executed by the browsers of the website's users. Generally, the attacker writes the XSS code in a client-side scripting language such as JavaScript. Moreover, XSS can steal users' cookies, modify the webpage and even present malware downloads that change the user's settings.


There are two types of XSS attacks. In persistent (stored) XSS, the attacker hides the malicious code in the database of the website, so that users load it without knowing. In non-persistent (reflected) XSS, the malicious code is sent to the server in an HTTP request and echoed back to the user in the server's response.
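Both types come down to the same defect: untrusted text is concatenated into the page without output encoding. The following JavaScript is an added example (not code from the original article) that renders a page with a reflected search term and stored comments, once without encoding and once with it; the page template, the `escapeHtml` helper and the inputs are all constructed for the example.

```javascript
// Added example, not code from the original article: rendering untrusted
// text with and without HTML output encoding. All inputs are constructed.

// Encode the five characters that let text break out of an HTML text node
// or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable: the search term (reflected XSS) and the stored comments
// (persistent XSS) are concatenated straight into the page.
function renderPageVulnerable(searchTerm, comments) {
  const items = comments.map((c) => `<li>${c}</li>`).join("");
  return `<h1>Results for ${searchTerm}</h1><ul>${items}</ul>`;
}

// Hardened: the same page, but every untrusted value is encoded so the
// browser treats it as text rather than as markup.
function renderPageSafe(searchTerm, comments) {
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join("");
  return `<h1>Results for ${escapeHtml(searchTerm)}</h1><ul>${items}</ul>`;
}

// Check usable in a unit test: count script tags in the rendered output.
// The template contains none, so any that appear came from user input.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Constructed inputs: a benign comment, a comment carrying a harmless
// probe of the kind a scanner uses, and a search term carrying the same probe.
const PROBE = "<script>alert('xss')</script>";
const COMMENTS = ["Nice article!", `Thanks ${PROBE}`];

// Render both versions and report how many script tags survived.
function demo() {
  return {
    vulnerable: countScriptTags(renderPageVulnerable(PROBE, COMMENTS)),
    safe: countScriptTags(renderPageSafe(PROBE, COMMENTS)),
  };
}

console.log(demo()); // { vulnerable: 2, safe: 0 }
```

`escapeHtml` is only correct for HTML text and double-quoted attribute contexts; a value placed inside a `<script>` block, a URL or a CSS rule needs the encoding for that context, which is why a templating engine that escapes automatically is preferable to hand-written concatenation.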

What is CSRF

CSRF stands for Cross-Site Request Forgery. The attack misleads the user into interacting with a page or a script on a third-party site. That page generates a malicious request to the site the user is logged into. Because the browser attaches the user's session credentials to the request, the server assumes it is a legitimate request from an authorized user. When the user triggers the request, the attacker controls the data sent in it.

For example, a bank provides the user with a session token to access his bank account. A hacker can mislead the user into clicking a fake link that points to the bank. When the user clicks on the link, the request carries the user's token, so the attacker's request runs as the user, and he can access the account and transfer money to his own account.

Difference Between XSS and CSRF

Definition

XSS is a type of computer security vulnerability found in web applications that enables attackers to inject client-side scripts into web pages viewed by the users. In contrast, CSRF is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Malicious code

In XSS, the malicious code is inserted into the website while in CSRF, the malicious code is stored in the third party sites.

Long Form

While XSS stands for Cross-Site Scripting, CSRF stands for Cross-Site Request Forgery.

Association

Moreover, a website that is prone to XSS attacks can also be prone to CSRF attacks. On the other hand, a website's protection against XSS does not guarantee that it is also protected against CSRF.

Conclusion

In brief, XSS and CSRF are two threats that can affect the functioning of a website. The main difference between XSS and CSRF is that, in XSS, the malicious code is inserted into the website itself, while in CSRF, the malicious code is stored on a third-party site.
