James Lane
Tyler Jones
Henry Spivey
XSS (Cross-Site Scripting)
An attack where an attacker enters malicious script and/or markup into a form and then posts it to a site. If another user navigates to the page where the malicious form was submitted, the browser will then parse and execute the malicious code.
CSRF (Cross Site Request Forgery)
An attack where a user may be logged into a site such as an online bank account and, because they are logged in, the cookies and credentials are set in the browser. If the user then navigates to a malicious site while they are still logged into the bank, that malicious site could have a link to execute some activity on the bank's site, such as transferring money or withdrawing, without the user's knowledge.
Click Jacking
An attack that tricks a user into inadvertently clicking on something other than what they intended to or may physically see. An example is when a malicious <iframe> is loaded over a legitimate-looking site and its z-index is set so it's overlaid on top of the site the user believes they are on. The CSS opacity is set to 0 so it's transparent. There may be invisible buttons to perform some malicious activity overlaid on top of a button the user intends to click on.
(Edited: 2016-05-16)
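The server-side defenses that correspond to the three attacks defined above, as an added example that is not part of the original post: output encoding for XSS, a session-bound token for CSRF, and anti-framing headers for clickjacking. The `handle` function, its request shape and the in-memory `comments` store are hypothetical names chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed per-process secret for signing CSRF tokens (assumption: one server).
const SECRET = crypto.randomBytes(32);

// XSS: encode the five HTML-significant characters before echoing user input.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESC[c]);
}

// CSRF: token = HMAC(secret, sessionId). Another site can make the browser send
// the session cookie, but it cannot read or compute this value.
function csrfToken(sessionId) {
  return crypto.createHmac('sha256', SECRET).update(sessionId).digest('hex');
}
function csrfOk(sessionId, token) {
  const want = Buffer.from(csrfToken(sessionId));
  const got = Buffer.from(String(token || ''));
  return got.length === want.length && crypto.timingSafeEqual(got, want);
}

// Clickjacking: tell the browser never to render these pages inside a frame.
const FRAME_HEADERS = {
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "frame-ancestors 'none'",
};

const comments = []; // stored user input, kept raw and encoded at output time

// Hypothetical handler: req = { method, sessionId, body }, returns a response object.
function handle(req) {
  if (req.method === 'POST') {
    if (!csrfOk(req.sessionId, req.body.csrf)) {
      return { status: 403, headers: FRAME_HEADERS, body: 'bad CSRF token' };
    }
    comments.push(req.body.comment);
    return { status: 303, headers: { ...FRAME_HEADERS, Location: '/' }, body: '' };
  }
  const items = comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
  const form = `<form method="post"><input type="hidden" name="csrf" value="${csrfToken(req.sessionId)}">` +
    '<input name="comment"><button>Post</button></form>';
  return { status: 200, headers: FRAME_HEADERS, body: `<ul>${items}</ul>${form}` };
}
```

A POST that arrives with the session but without the matching token is answered with 403 and nothing is stored, and a stored comment containing markup is rendered as inert text.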