1. Introduction Generally speaking, CSRF is a deceptive behavior and a malicious use of a website. Although it sounds like cross-site scripting (XSS), it is very different from XSS, and the attack method is almost the same. XSS exploits trusted users within a site, while CSRF exploits trusted websites by disguising requests from trusted users. […]
Tag: csr
SSR, CSR, SSG, ISR and DPR technologies in Next.js
CSR (Client Side Rendering) client rendering CSR is client-side rendering, such as the common rendering method used by SPA, which is supported by all mainstream frameworks, or in other words: as long as JS is used in the client-side rendering process, and the data is obtained and rendered through the client sending a request, […]
CSRF vulnerabilities and shooting ranges (the most detailed in history)
CSRF Cause: The server does not strictly control the data submitted by the user, allowing the attacker to use the user’s cookie information to forge user requests and send them to the server. Utilization method: The attacker induces the victim to enter a third-party website, and in the third-party website, sends a cross-site request to […]
CSRF vulnerability principle attack and defense (very detailed)
CSRF vulnerability principle attack and defense Directory CSRF vulnerability principle attack and defense 1. What is CSRF? 2. CSRF attack principle and process 3. CSRF classification 1. GET type CSRF 2. POST type CSRF 4. Digging of CSRF vulnerabilities 5. Defense against CSRF vulnerabilities 1. Verification code 2. Add token to the request address and […]
A brief discussion on SSR/MPA CSR/ SPA SSG ISR
Foreword > This article would like to introduce what the terms in front-end SSR/MPA CSR/SPA SSG ISR mean. After all, it is a very common word. SSR (Server Side Render) and MPA (Multi-Page Application) The full name of SSR: Server Side Render. The Chinese translation is server rendering. What does server rendering mean? For example, […]
Flask project database configuration, redis configuration, session configuration, csrf configuration, log configuration
1. In the app.py file from datetime import timedelta from flask_wtf.csrf import CSRFProtect from flask import Flask, session from flask_sqlalchemy import SQLAlchemy from redis import StrictRedis from flask_session import Session app = Flask(__name__) class Config(): # Debug information DEBUG = True SECRET_KEY = 'fjsiogkgnmdinging' # Database information SQLALCHEMY_DATABASE_URI = 'mysql+pymysql://root:123456@localhost:3306/info36' SQLALCHEMY_TRACK_MODIFICATIONS = False # redis […]
Web security and protection (XSS, CSRF, SQL injection)
XSS attack principle XSS (cross-site scripting) attacks refer to attackers inserting malicious HTML tags or JavaScript code into web pages. For example: ① The attacker places a seemingly safe link in the forum, deceives the user into clicking on it, and then steals the user’s private information in the cookie; ② Or the attacker adds a […]
XSS attacks, SQL injection, CSRF attacks, DDOS attacks and DNS hijacking
Explain the common network attack methods: XSS attack, SQL injection, CSRF attack, DDoS attack and DNS hijacking. XSS Attack Full name: cross-site scripting attack (Cross Site Scripting). To distinguish it from Cascading Style Sheets (CSS), the abbreviation was changed to XSS. XSS attackers tamper with web pages and inject malicious HTML scripts, […]
Pikachu Range – Cross-Site Request Forgery (CSRF)
Article directory 1. Cross-site request forgery (CSRF) 1.1 CSRF(get) 1.2 CSRF(post) 1.3 CSRF Token 1.4 CSRF vulnerability defense 1. Cross-site request forgery (CSRF) You can also refer to my other article: Cross-site request forgery (CSRF) The full name is Cross-site request forgery, which translates as cross-site request forgery. It refers to using the victim’s identity […]