• Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type...
    30 KB (3,749 words) - 19:00, 17 November 2024
  • otherwise not be directly accessible to the attacker. Similar to cross-site request forgery which utilizes a web client, for example, a web browser, within...
    2 KB (216 words) - 11:00, 25 October 2024
  • HTTP cookie (redirect from Same-site cookie)
    to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples). Tracking cookies, and especially third-party...
    93 KB (10,970 words) - 06:19, 4 October 2024
  • List of HTTP header fields
    January 19, 2014. "SAP Cross-Site Request Forgery Protection". SAP SE. Retrieved January 20, 2015. "Django Cross Site Request Forgery protection". Django...
    53 KB (2,479 words) - 17:08, 14 November 2024
  • with malicious data. Naive deployments of JSONP are subject to cross-site request forgery (CSRF or XSRF) attacks. Because the HTML <script> element does...
    15 KB (1,769 words) - 15:00, 22 September 2024
  • JavaScript (category Cross-platform software)
    browser authors. Another cross-site vulnerability is cross-site request forgery (CSRF). In CSRF, code on an attacker's site tricks the victim's browser...
    95 KB (9,355 words) - 10:26, 22 November 2024
  • Cross-site may refer to the following network security exploits: Cross-site cooking Cross-site request forgery Cross-site scripting Cross-site tracing...
    194 bytes (55 words) - 04:12, 28 December 2019
  • solved to a great extent. This technique is also useful against cross-site request forgery attacks. The session identifier on most modern systems is stored...
    18 KB (2,566 words) - 16:12, 18 October 2024
  • program's own permission to access the file is used implicitly. A cross-site request forgery (CSRF) is an example of a confused deputy attack that uses the...
    9 KB (1,222 words) - 13:09, 21 June 2024
  • subdomains rather than port numbers. Cross-origin resource sharing Cross-site scripting Cross-site request forgery Site isolation Content Security Policy...
    19 KB (2,170 words) - 20:18, 17 November 2024
  • cross-application request forgery (CARF) is the equivalent of cross-site request forgery (CSRF) in desktop applications. In CARF the concept of “link”...
    3 KB (459 words) - 00:03, 10 December 2021
  • only be set by the browser. Cross origin resource sharing Same origin policy Cross-site scripting Cross-site request forgery While there are other possible...
    65 KB (7,527 words) - 17:22, 13 November 2024
  • however, chaining it with a cross-site request forgery vulnerability escalates its impact to that of typical cross-site-scripting. In the past, a very...
    6 KB (552 words) - 12:05, 18 November 2024
  • to foil BREACH in individual attack scenarios, such as using cross-site request forgery (CSRF) protection. Another suggested approach is to disable HTTP...
    6 KB (701 words) - 09:02, 9 October 2024
  • World Wide Web
    to the website to which the cookie belongs (see cross-site scripting and cross-site request forgery for examples). Tracking cookies, and especially third-party...
    91 KB (9,213 words) - 01:13, 12 November 2024
  • common vulnerabilities, including SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Authentication and authorization mechanisms...
    39 KB (4,690 words) - 19:30, 19 November 2024
  • WebSocket
    connection establishment, to avoid cross-site WebSocket hijacking attacks (similar to cross-site request forgery), which might be possible when the connection...
    49 KB (3,673 words) - 12:27, 10 October 2024
  • Django (web framework)
    applications tools for generating Sitemaps built-in mitigation for cross-site request forgery, cross-site scripting, SQL injection, password cracking and other typical...
    36 KB (2,416 words) - 23:15, 9 November 2024
  • might be able to take over the entire server. Cross-site request forgery (CSRF) is creating client requests that do malicious actions, such as an attacker...
    26 KB (3,300 words) - 05:38, 16 November 2024
  • Cross-site cooking
    Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting etc., in that it involves...
    3 KB (379 words) - 00:43, 4 December 2021
  • open redirections by overwriting the window.location attribute, cross-site request forgery, or even gain arbitrary code execution via careful manipulation...
    15 KB (1,734 words) - 05:56, 8 April 2024
  • this will not protect against attacks such as Firesheep. ArpON Cross-site request forgery HTTP cookie TCP sequence prediction attack Bugliesi, Michele;...
    13 KB (1,588 words) - 18:28, 5 November 2024
  • Processes CSRF—Cross-Site Request Forgery CSS—Cascading Style Sheets CSS—Content-Scrambling System CSS—Closed Source Software CSS—Cross-Site Scripting CSV—Comma-Separated...
    92 KB (6,571 words) - 15:04, 12 November 2024
  • examples of security exploits are SQL injection, cross-site scripting and cross-site request forgery which abuse security holes that may result from substandard...
    55 KB (5,968 words) - 14:01, 21 November 2024
  • concerns such as phishing, credit card handling, session fixation, cross-site request forgeries, compliance, and privacy issues. OWASP Testing Guide: The OWASP...
    19 KB (1,584 words) - 15:57, 25 October 2024
  • Presto layout engines. Cross-site scripting Cross-site request forgery Same-origin policy Cross-origin resource sharing JSONP Cross-Document Messaging –...
    7 KB (681 words) - 23:29, 18 November 2024
  • to defeat referer checking controls that are used to mitigate Cross-Site Request Forgery attacks. Several software tools exist to facilitate referer spoofing...
    4 KB (533 words) - 23:53, 16 July 2024
  • (MVC) frameworks work in terms of whole requests and whole pages. In each request cycle, the incoming request is mapped to a method on a controller object...
    13 KB (1,113 words) - 21:14, 1 May 2024
  • validation Contains various security features to avoid Cross-site scripting and Cross-site request forgery (CSRF) vulnerabilities Includes a compact C++ ORM-layer...
    8 KB (777 words) - 09:08, 10 July 2024
  • Hiawatha (web server) (category Cross-platform free software)
    v8.6) Hiawatha aimed to prevent SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF), and denial-of-service attacks. It allowed...
    9 KB (772 words) - 02:14, 29 August 2024