WebApp Interaction Flaws

• XSS – Cross Site Scripting

• • Browser trusts server
  • Cookie stealing

• XSRF – Cross Site Request Forgery

• • Webserver trusts browser
  • Referrer pop-quiz
  • Myspace worm combination XSS, XSRF

• SQL Injection

• • Favorite $input=” ' or 1==1 --”