Some browsers, like Google Chrome, include partial protection against reflected XSS attacks, in which the attacker provides a URL that includes a malicious script. However, even users of those browsers are vulnerable to other XSS attacks, such as those where the malicious code is stored in a database. Only correct design of Web applications on the server side can fully prevent XSS.
XSS vulnerabilities can also occur because of implementation mistakes by browser authors.
Another cross-site vulnerability is cross-site request forgery (CSRF). In CSRF, code on an attacker’s site tricks the victim’s browser into taking actions the user didn’t intend at a target site (like transferring money at a bank). It works because, if the target site relies only on cookies to authenticate requests, then requests initiated by code on the attacker’s site will carry the same legitimate login credentials as requests initiated by the user. In general, the solution to CSRF is to require an authentication value in a hidden form field, and not only in the cookies, for any request that might have lasting effects. Checking the HTTP Referer header can also help.
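The server-side check described above, as an added example that is not part of the original article: a session-bound value is placed in a hidden form field and verified, together with the Referer header, before any state-changing request is accepted. The site origin, the field name `csrf_token`, the session id and the HMAC construction are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed values for this example (assumptions, not from the article).
SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, never sent to clients
SITE_ORIGIN = "https://bank.example"   # hypothetical target site


def issue_csrf_token(session_id: str) -> str:
    """Value to embed in a hidden form field; bound to the user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def referer_is_same_site(referer) -> bool:
    """Secondary check: the Referer header must name our own origin."""
    if not referer:
        return False  # strict policy chosen here: a missing header is rejected
    parts = urlsplit(referer)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def is_request_allowed(method, session_id, form, headers) -> bool:
    """Decide whether a cookie-authenticated request may change state."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # assumed to have no lasting effects
    submitted = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    # Constant-time comparison avoids leaking the token through timing.
    token_ok = hmac.compare_digest(submitted.encode(), expected.encode())
    return token_ok and referer_is_same_site(headers.get("Referer"))


# Constructed requests: both carry the same session cookie, as in CSRF.
SESSION = "constructed-session-id-123"
legit = {"method": "POST", "session_id": SESSION,
         "form": {"to": "alice", "amount": "10",
                  "csrf_token": issue_csrf_token(SESSION)},
         "headers": {"Referer": "https://bank.example/transfer"}}
forged = {"method": "POST", "session_id": SESSION,
          "form": {"to": "mallory", "amount": "10"},  # no hidden-field value
          "headers": {"Referer": "https://attacker.example/page"}}

if __name__ == "__main__":
    print("legitimate:", is_request_allowed(**legit))
    print("forged:", is_request_allowed(**forged))
```

The cookie alone is not enough to pass: the forged request fails because the other site cannot read the hidden field's value, and the Referer comparison rejects lookalike hosts such as `bank.example.attacker.example`.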
Related languages and features:
4 – Angular and AngularJS are web application frameworks used for developing single-page applications and cross-platform mobile apps.
SitePoint has reported that more than 56,000 developers in 173 countries completed the Stack Overflow Developer Survey during 2016. Here are the most-used technologies:
2 – SQL — 49.1%
3 – Java — 36.3%
4 – C# — 30.9%
5 – PHP — 25.9%
6 – Python — 24.9%
7 – C++ — 19.4%
10 – C — 15.5%
Regards, Elias Naserkhaki.