I'm going to explain Cross-site scripting (XSS) & Cross-site request forgery (XSRF/CSRF) to myself.
Cross-Site Request Forgery has been all over the press recently, since several major sites and web applications were plagued by exploits and uncovered vulnerabilities, including GMail, Google AdSense and many others. When talking to developers about CSRF, there is mostly very little knowledge and a lot of misconceptions and FUD; sometimes the term CSRF has not even been heard of before. So, with this article, I will try to provide a basic explanation of the attack pattern itself, come up with several real-world examples, and finally summarize a list of things developers can do to protect their sites against CSRF attacks.