What is the Difference Between XSS and CSRF

The main difference between CSS and CSRF is that in XSS, the malicious code is inserted into the website while in CSRF, the malicious code is stored on third party sites.

There are thousands of websites available on the World Wide Web (WWW). Most organizations maintain a website to inform customers about their products and services. Moreover, customers can perform online transactions and send inquiries via the website. Generally, different attacks can occur on a website. Thus, it can affect the functioning of the website. Two common threats are XSS and CSRF.

Key Areas Covered

1. What is XSS
-Definition, Functionality
2. What is CSRF
– Definition, Functionality
3. Difference Between XSS and CSRF
-Comparison of key differences

Key Terms

Client-Side Scripting, Cookies, CSRF, Malicious Codes, XSS

Difference Between XSS and CSRF - Comparison Summary

What is XSS

XSS stands for Cross-Site Scripting. When there is an XSS attacks a website, that code is executed on the users of the website by the browser. Generally, the attacker writes the XSS code in a client-side scripting language such as JavaScript. Moreover, XSS can steal user’s cookies, modify the webpage and even display malware downloads that change the settings of the user.

Difference Between XSS and CSRF

There are two types of XSS attacks. In persistent XSS, the attacker hides the malicious code in the database of the website so that the user access it without any knowledge. Furthermore, the non-persistent attack sends malicious code to the server via an HTTP request.

What is CSRF

CSRF stands for Cross-Site Request Forgery. The attack misleads the user to interact with a page or a script on a third party site. First, the CSRF attack generates a malicious request to the user’s site. The server assumes that it is a request from an authorized website. When the user accepts the request, the attacker can take control of the data sent in the request.

For example, a bank provides the user with a session token to access his bank account.  A hacker can mislead the user to click on a fake link that points to the bank. The attacker can then obtain the token when the user clicks on the link. Then the attacker’s request runs, and he can access the account and transfer money to his account.

Difference Between XSS and CSRF

Definition

XSS is a type of computer security vulnerability found in web applications that enables attackers to inject client-side scripts into web pages viewed by the users. In contrast, CSRF is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.

Malicious code

In XSS, the malicious code is inserted into the website while in CSRF, the malicious code is stored in the third party sites.

Long Form

While XSS stands for Cross-Site Scripting, CSRF stands for Cross-Site Request Forgery.

Association

Moreover, a website that is prone to XSS attack can also be prone to CSRF attack. But, on the other hand, a website’s protection against XSS attack does not guarantee that it protects CSRF attack too.

Conclusion

In brief, XSS and CSRF are two threats that can affect the functioning of a website. The main difference between CSS and CSRF is that, in XSS, the malicious code is inserted into the website while in CSRF, the malicious code is stored on third party sites.

References:

1.DrapsTV. XSS Tutorial #1 – What Is Cross Site Scripting?, YouTube, 22 Jan. 2015, Available here.
2.Wikipedia, Wikimedia Foundation, 14 July 2019, Available here.
3.Wikipedia, Wikimedia Foundation, 14 July 2019, Available here.

Image Courtesy:

1.”2296269″ via Pixabay

About the Author: Lithmee

Lithmee holds a Bachelor of Science degree in Computer Systems Engineering and is reading for her Master’s degree in Computer Science. She is passionate about sharing her knowldge in the areas of programming, data science, and computer systems.

Leave a Reply