-1

While the whole method of XSS and CSRF attacks are totally different, the main difference is that:

XSS - Runs a Script on the brwoser

CSRF - Sends a (HTTP) request from the browser.

Is correct (a Yes or No answer will suffice)?

Thanks

DrDoom
  • 455
  • 1
  • 5
  • 13

1 Answers1

2

Exactly. The XSS (Cross Site Scripting) try to execute in some way a script on victim's browser. It can be reflected, stored, etc.

The CSRF (Cross Site Request Forgery) try to use a victim's already logged cookie/session to perform any action on a web.

References:

OscarAkaElvis
  • 5,225
  • 3
  • 18
  • 49
  • Thanks. Wasn't sure if that was the basic difference or if I totally misunderstood the concept. – DrDoom Jun 16 '17 at 13:49