March 20, 2016

Difference between CSRF and XSS

□ CSRF (Cross-Site Request Forgery)
○ Summary: A client whose authority has been stolen sends a forged request to the server
○ Attack target: Server
○ Purpose: Theft of authority

□ XSS (Cross-Site Scripting)
○ Summary: A malicious script is executed on the client
○ Attack target: Client
○ Purpose: Cookie and session theft, website defacement, etc.