Web Security

Web security protects computer networks and systems from damage or theft of software, hardware, and data by ensuring systems are not misdirected or disrupted from their intended purposes. Browsers have become more complex over time with additional features, but this has also introduced new security vulnerabilities. The same-origin policy is a security model browsers use to prevent websites from interfering with each other without permission, assigning each resource to an origin and only allowing JavaScript to access resources from its own origin. Cross-site request forgery attacks trick users into performing unwanted actions on authenticated websites, but including unpredictable CSRF tokens in queries provides strong protection against these attacks.

Uploaded by

John Maina
Web security protects networks and computer systems from damage to or theft of software, hardware, and data. It also keeps computer systems from being misdirected or disrupted, so that they continue to offer the services they were meant to provide. The web is accessed through a browser, a software application that lets users view and interact with the information available on the Internet.
Browsers nowadays are extremely complicated. New features are added to web browsers almost every day, and from a security perspective these added features have opened many loopholes. When current security bugs are fixed, others tend to appear because of the addition of further features. Parsing content in many different contexts has weakened web security, a consequence of the many languages and runtimes available. Web specifications, for example the definitions of JPEG, HTML, and CSS, all wind up being texts that do not necessarily match what actual browsers do.
The same-origin policy is a security model a browser uses to ensure that two websites do not tamper with each other unless they choose to. The policy requires each resource to be assigned to an origin and allows JavaScript code to access only resources from its own origin. Four underlying principles guide the browser's implementation of the same-origin policy: each origin has its own client-side resources; each frame receives the origin of its URL; the browser gives no authority to passive content; and JavaScript code executes with the authority of its frame's origin.
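The following is an added example, not part of the original document, showing how the origin of a URL is derived and compared the way the same-origin policy does: two URLs share an origin only when scheme, host, and port all match, with default ports ignored and opaque origins (such as `data:` URLs) never matching anything. It uses only the `URL` global built into Node.js and browsers; the sample URL pairs are constructed for illustration.

```javascript
// Added example (not from the original document): same-origin comparison of URLs.
// URL.origin yields "scheme://host[:port]"; default ports are omitted, so
// http://app.example:80/ and http://app.example/ share an origin.

function originOf(url) {
  return new URL(url).origin;
}

function isSameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  // Opaque origins (data:, about:blank, ...) serialize as "null"; each one is
  // unique, so two such URLs are never treated as the same origin.
  if (oa === 'null' || ob === 'null') return false;
  return oa === ob;
}

// Constructed sample pairs: can a script running at the first URL read the second?
const SAMPLE_PAIRS = [
  ['https://app.example/index.html', 'https://app.example/api/data'], // same origin
  ['https://app.example/', 'http://app.example/'],                    // scheme differs
  ['https://app.example/', 'https://app.example:8443/'],              // port differs
  ['https://app.example/', 'https://cdn.app.example/'],               // host differs (subdomain)
  ['http://app.example/', 'http://app.example:80/'],                  // explicit default port, same
];

function classifyPairs(pairs) {
  return pairs.map(([a, b]) => ({ a, b, sameOrigin: isSameOrigin(a, b) }));
}

for (const r of classifyPairs(SAMPLE_PAIRS)) {
  console.log(`${r.sameOrigin ? 'ALLOW' : 'BLOCK'}  ${r.a}  ->  ${r.b}`);
}
```

The subdomain and port cases are the ones practitioners most often get wrong: a CDN host or an alternate port is a different origin even when it serves the same application.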
Cross-site request forgery (CSRF) is a type of attack that causes an end user to perform undesirable actions on a web application where they are currently authenticated. CSRF attacks aim to change state, not to steal information, because the attacker has no visibility into the response to the forged request. Including a CSRF token in the relevant requests is the best defense against CSRF attacks. As with session tokens in general, an appropriate token is unpredictable and has a significant degree of entropy.
