Posts

Showing posts with the label JQuery

Mitigate CSRF with Double Submit Cookies

I previously explained what CSRF is and how a CSRF attack can be mitigated with the Synchronizer Token Pattern. In this blog post I'm going to talk about another CSRF mitigation technique called the "Double Submit Cookies Pattern" 😉 What is the Double Submit Cookies Pattern? It is a technique that sends a random value, or "token" as we call it, both in a cookie and as a request parameter (or request header), with the server verifying that the cookie value and the request value match. Why DSCP? It is now clear that a third party cannot perform a CSRF attack without the CSRF token, and here the attacker cannot obtain the token because it lives in a cookie, and a web page on a different domain cannot read another site's cookies (the browser's same-origin policy prevents it). Note that the comparison has to be done on the server for every state-changing request, and the pattern only holds as long as the attacker cannot write cookies for the target domain. For example, assume that the genuine web page is banker.com and the attacker's web page is attacker.com. When a user is logged in to banker.com and is accidentally redirected to attacker...

What's an AJAX??

AJAX, short for Asynchronous JavaScript And XML, is a set of web development techniques that allow web pages to be updated asynchronously by exchanging data with a web server behind the scenes. In other words, it modifies a web page without reloading it. In modern implementations, developers commonly use JSON instead of XML because JSON is native to JavaScript. AJAX is not a programming language but a combination of the browser's built-in XMLHttpRequest object, JavaScript and HTML/DOM manipulation. So, as I mentioned, the word AJAX stands for "Asynchronous JavaScript And XML". Here, asynchronous means in the background, without requiring a page refresh. You all know what "JavaScript" means 😅. XML is a data format that serves a purpose very similar to JSON. So, as I mentioned earlier, modern development uses JSON rather than XML for AJAX. So I guess we could call it AJAJ - Asynchronous JavaScript And JSON, because...