Explain about CSRF and XSS. Difference betwn both?

Question

Accepted Answer

CSRF and XSS are both web security vulnerabilities. CSRF allows attackers to perform unwanted actions on behalf of a user, while XSS allows attackers to inject malicious scripts into web pages.

CSRF (Cross-Site Request Forgery) is an attack that tricks the victim into performing unwanted actions on a website without their knowledge or consent.
XSS (Cross-Site Scripting) is an attack that allows attackers to inject malicious scripts into web pages viewed by other users.
CSRF exploits the trust a website has in a user's browser, while XSS exploits the trust other users have in a website.
CSRF attacks can lead to actions like changing passwords, making unauthorized transactions, or modifying user settings.
XSS attacks can lead to stealing sensitive information, session hijacking, or defacing websites.
Preventing CSRF involves using tokens to validate requests, while preventing XSS involves input sanitization and output encoding.
Example of CSRF: An attacker tricks a user into clicking a malicious link that performs a transaction on their behalf without their knowledge.
Example of XSS: An attacker injects a script into a comment field on a website, which then executes when other users view the comment.

Accepted Answer

CSRF is a web security vuln that allows a attacker to induce users o perform actions that they are not intended to perform. 
XSS is a web security vuln that allows attacker to compromise the interactions that users have with a vulnerable application.
Difference is that CSRF needs victim to be logged in to application for vulnerability attacks.

Asked in Rainfotech

Explain about CSRF and XSS. Difference betwn both?

Interview Questions Asked to Security Analyst at Other Companies

Top Skill-Based Questions for Rainfotech Security Analyst