One of the most subtle and interesting web application security vulnerabilities is called Cross Site Request Forgery (CSRF), known as ClickJacking. As we designed Internet Explorer 8 (as of now, RC1), we had to be very careful not to increase the browser’s attack surface for CSRF attacks. IE8’s new XDomainRequest object, for instance, allows cross-domain communication upon explicit permission of the server, but contains specific restrictions to ensure that new types of CSRF attacks are not made possible. End-users can mitigate the impact of CSRF attacks by logging out of sensitive websites when not in use, and by browsing in independent InPrivate Browsing sessions.[…]
By Deepak Gupta
About the Author:
Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.