This document describes a boy who brought his sugar glider on a plane trip and had issues with the TSA inspecting it. It then discusses common web security attacks like cross-site request forgery and cross-site scripting, and methods to prevent these attacks like input validation, sanitization, and escaping. It emphasizes applying security measures on both the client-side and server-side to protect against malicious inputs and unauthorized requests.
14. An attack that executes a request on behalf of another authenticated user who was not intending to perform the action being requested
Cross-site Request Forgery
23. An attack that injects malicious code into a trusted web site such that it may be executed unintentionally by other users
Cross-site Scripting (XSS)
24. Prevention
Content Security Policy: Control what resources the browser is allowed to load
Input Handling: Ensure data is aligned with the expectations for its intended use