Question

What's the difference between cross-site scripting and cross-site request forgery? How do you protect against cross-site request forgery? Against cross-site scripting?

Answer 1

Answer:

Cross-site request forgery requires a secure website or network that needs user authentication while Cross-site scripting is for websites with no user authentication policies.

Explanation:

Cross-site request forgery is a process used by hackers and network administrators to forcefully grant access to users on a secure website or network. If an administration trust a user who has lost his authentication details, he uses cross-site request forgery to give access to the user.

Cross-site scripting is basically javascript program execution from a server. It is not secure and vulnerable to attacks.