Book Image

JavaScript Security

By : Eugene Liang
Book Image

JavaScript Security

By: Eugene Liang

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
JavaScript Security
Eugene Liang
Nov, 2014 | 112 pages
No titles found
Table of Contents (13 chapters)
JavaScript Security
JavaScript Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
JavaScript and the Web
JavaScript and the Web
JavaScript and your HTML/CSS elements
JavaScript beyond the client
JavaScript security issues
Summary
2
Secure Ajax RESTful APIs
Secure Ajax RESTful APIs
Building a RESTful server
Basic defense against similar attacks
Summary
3
Cross-site Scripting
Cross-site Scripting
What is cross-site scripting?
Examples of cross-site scripting
Defending against cross-site scripting
Summary
4
Cross-site Request Forgery
Cross-site Request Forgery
Introducing cross-site request forgery
Other examples of CSRF
Other forms of protection
Summary
5
Misplaced Trust in the Client
Misplaced Trust in the Client
When trust gets misplaced
Summary
6
JavaScript Phishing
JavaScript Phishing
What is JavaScript phishing?
Examples of JavaScript phishing
Defending against JavaScript phishing
Summary
Index
Index

Introducing cross-site request forgery

Cross-site request forgery (CSRF) exploits the trust that a site has in a user's browser. It is also defined as an attack that forces an end user to execute unwanted actions on a web application in which the user is currently authenticated. We have seen at least two instances where CSRF has happened. Let's review these security issues now.

Examples of CSRF

We will now take a look at a basic CSRF example:

  1. Go to the source code provided for this chapter and change the directory to chp4/python_tornado. Run the following command:

    python xss_version.py

  2. Remember to start your MongoDB process as well.

  3. Next, open external.html found in templates, in another host, say http://localhost:8888. You can do this by starting the server, which can be done by running python xss_version.py –port=8888, and then visiting http://loaclhost:8888/todo_external. You will see the following screenshot:

    Adding a new to-do item

  4. Click on Add To Do, and fill in a new to-do item, as shown...

Previous Section
End of Section 2
Next Section