ONE$ && ZER0$

AJAX, short for Asynchronous Javascript And XML is a set of web development techniques that allows web pages to be updated asynchronously by exchanging data with a web server behind the scenes. This is simply a modification of a web page, without reloading it. In modern implementations, developers commonly utilize JSON instead of XML due to the advantage of JSON being native to javascript. AJAX is not a programming language, but a combination of browser build in XMLHttpRequest object, Javascript and HTML.  So in this word AJAX, as i previously mentioned, it means " Asynchronous Javascript And XML". In here, Asynchronous means, in the background or not requiring a page refresh. You all know what's "Javascript" means 😅. XML is a data format that very similar to JSON.  So, as i mentioned earlier, modern development is using JSON rather than XML when it comes to AJAXs. So I guess we can call this as AJAJ - Asynchronous Javascript And Jason,  because...

In the previous blog post about cross site request forgery AKA CSRF , I discussed about the basics about CSRF, what it does and some mitigation techniques. Among those techniques, in this blog post I’m going to talk about the Synchronizer Token Pattern and its flow when exchanging CSRF token. What is Synchronizer Token Pattern? This is a technique where a unique secure string value, also known as a CSRF token, will embedded by the web application in all HTML forms and verified on the server side in each state changing requests. The token may be generated by any method that ensure uniqueness, unpredictability and security so that any attacker would not be able to place the correct token along with the request. Why STP? A third party attacker cannot perform a CSRF attack, because cross domain AJAX calls are not possible. This means, the victim is in banker.com, and attacker.com cannot request the CSRF token  from the server via an ajax, because the domain doesn...