https://ai-blog.noorshomelab.dev/tags/browser-security/Recent content in Browser Security on AI VOIDHugoenWed, 07 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/how-it-works/content-security-policy-internals/Wed, 07 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/how-it-works/content-security-policy-internals/<h2 id="introduction">Introduction</h2> <p>In the intricate landscape of web security, protecting users from malicious attacks is a paramount concern. Content Security Policy (CSP) stands as a critical defense mechanism, acting as an additional layer of security to mitigate various code injection threats. It&rsquo;s not merely a &ldquo;firewall&rdquo; but a sophisticated agreement between a web server and a browser, dictating precisely which resources the browser is permitted to load and execute for a given page.</p>https://ai-blog.noorshomelab.dev/how-it-works/csrf-attacks-internals/Wed, 07 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/how-it-works/csrf-attacks-internals/<h2 id="introduction">Introduction</h2> <p>Cross-Site Request Forgery (CSRF), sometimes pronounced &ldquo;sea-surf&rdquo; or referred to as XSRF, is a critical web security vulnerability that allows an attacker to induce a user&rsquo;s browser to send an unintended, malicious request to a website where the user is already authenticated. Unlike phishing, where an attacker tries to trick a user into revealing credentials, CSRF exploits the browser&rsquo;s inherent trust in a user&rsquo;s session and the automatic inclusion of authentication credentials (like session cookies) with every request to a domain.</p>