Page 618 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
remote-control software on visiting clients.
For the administrator of a website, defenses against XSS include maintaining a patched web server, using web application firewalls, operating a host-based intrusion detection system (HIDS), auditing for suspicious activity, and, most important, performing server-side input validation for length, malicious content, and metacharacter filtering. As a web user, you can defend against XSS by keeping your system patched, running antivirus software, and avoiding nonmainstream websites. There are add-ons for some web browsers, such as NoScript for Firefox and uBlock Origin for Chrome, that allow only scripts of your choosing to be executed.

Cross-site request forgery (XSRF) is an attack that is similar in nature to XSS. However, with XSRF, the attack is focused on the visiting user’s web browser more than the website being visited. The main purpose of XSRF is to trick the user or the user’s browser into performing actions they had not intended or would not have authorized. This could include logging out of a session, uploading a site cookie, changing account information, downloading account details, making a purchase, and so on. One form of XSRF infects a victim’s system with malware that stays dormant until a specific website is visited. Then the malware forges requests as the user in order to fool the web server and perform malicious actions against the web server and/or the client.

One such example of an exploit that used XSRF is Zeus, which would hide on a victim’s system until the user visited their online bank site; then, after it checked their account balance and determined their bank account number, those details would be sent to the controlling attacker, who would initiate an ACH money transfer to another bank. Thus, this is an example of malware that assists in stealing money directly from the victim’s account.

Website administrators can implement prevention measures against XSRF by requiring confirmations or reauthentication whenever a sensitive or risky action is requested by a connected client. This could include requiring the user to reenter their password, sending a code to the user via text message or email that must be provided back to the
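The server-side controls discussed above (length and metacharacter validation against XSS; reauthentication before a sensitive action against XSRF), as an added example that is not from the study guide. It goes one step beyond the text by also checking a per-session anti-CSRF token, a common companion to reauthentication; the session dict, action names, time window, and form layout are constructed for the demo.

```python
import hmac
import html
import secrets

# Constructed demo values, not from any real application.
MAX_COMMENT_LEN = 280
REAUTH_WINDOW_SECONDS = 300          # how recently the user must have re-entered a password
SENSITIVE_ACTIONS = {"change_email", "transfer_funds"}


def sanitize_comment(raw: str) -> str:
    """Server-side input validation: reject over-length input, then neutralise the
    HTML metacharacters (< > & " ') so the value renders as text, never as script."""
    if len(raw) > MAX_COMMENT_LEN:
        raise ValueError("input too long")
    return html.escape(raw, quote=True)


def new_session(user: str) -> dict:
    """A logged-in session carrying a random anti-CSRF token (assumed design)."""
    return {"user": user, "csrf_token": secrets.token_hex(16), "last_reauth": 0.0}


def reauthenticate(session: dict, password_ok: bool, now: float) -> None:
    """Record that the user just re-entered a password (the guide's reauthentication step)."""
    if password_ok:
        session["last_reauth"] = now


def handle_request(session: dict, action: str, form: dict, now: float) -> str:
    """Sensitive actions require (1) the session's anti-CSRF token echoed back, which a
    request forged from another site cannot know, and (2) a recent reauthentication."""
    if action in SENSITIVE_ACTIONS:
        supplied = form.get("csrf_token", "")
        # Constant-time comparison on bytes avoids both timing leaks and non-ASCII errors.
        if not hmac.compare_digest(supplied.encode(), session["csrf_token"].encode()):
            return "rejected: missing or wrong anti-CSRF token"
        if now - session["last_reauth"] > REAUTH_WINDOW_SECONDS:
            return "rejected: reauthentication required"
        return f"ok: {action} performed for {session['user']}"
    # Non-sensitive action: still validate and escape any free text before storing it.
    return "ok: comment stored as " + sanitize_comment(form.get("comment", ""))


if __name__ == "__main__":
    s, t0 = new_session("alice"), 1_000_000.0
    print(handle_request(s, "transfer_funds", {"amount": "500"}, t0))   # forged: no token
    reauthenticate(s, True, t0)
    print(handle_request(s, "transfer_funds", {"csrf_token": s["csrf_token"]}, t0 + 10))
    print(handle_request(s, "comment", {"comment": "<script>alert(1)</script>"}, t0))
```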

