What:

Cross-site scripting (XSS) is a type of attack in which malicious scripts are injected into a trusted website. It typically occurs due to lack of input sanitization and further rendering of this unsafe input, in a web application.

There are primarily two types:

1. Stored / Persistent XSS:

In this type of XSS, there is no explicit action required from the victim, since the injected script is permanently stored on the target server(s). The victim unknowingly retrieves the malicious script from the server, when requesting for other information.

How:

There is a forum page, which displays the most recent comment on a…

As per the Wikipedia definition:
HTTPS or HTTP Secure is an extension of the Hypertext Transfer Protocol (HTTP) for secure communication over a computer network.

It is what manifests itself as the green padlock icon that can be seen in the ‘Address Bar’ of your browser, when visiting any website that supports HTTPS eg — Medium.

In HTTPS, there is encryption using Transport Layer Security (TLS) or Secure Sockets Layer (SSL), which was the predecessor.
TLS was introduced in 1999, and is based off SSL 3.0.

SSL / TLS aim to provide both privacy (using encryption) and identification (trusting the…

Cross-Site Request Forgery also known as CSRF / XSRF is an HTTP level vulnerability.

In a CSRF attack, an attacker tricks the user into visiting a different web-page (eg — evil.com) with malicious code that secretly sends a request to the application’s web server (eg — abc-bank.com ).

Here’s a scenario of how it could happen:
Let’s say the user is logged into the application at abc-bank.com. The user opens and email and clicks a link to evil.com, which opens in a new tab.

The evil.com page immediately sends a malicious request to abc-bank.com. This could for example be a…