Description Known software vulnerabilities are available to everyone on the Internet. If an attacker knows which components you use, he can retrieve these vulnerabilities and find a way to exploit them. Examples Somehow, an attacker found out my bank’s website uses Apache web server version 1.3.22 on Win32. This version has a critical vulnerability that […]

Description An attacker sends a request to a website you are authenticated on to execute an operation without your formal approval. Attackers usually use XSS to make you or your browser send this malicious request, but many other flaws exist to achieve the same goal. Examples Every month, to pay my rent, I authenticate on […]