13. An attack that executes a request on behalf of another
authenticated user that was not intending to perform that action
being requested
Cross-site Request Forgery
23. An attack that injects malicious code into a trusted web site such
that it may be executed unintendedly by other users
Cross-site Scripting (XSS)
24. Prevention
Content Security PolicyInput Handling
Control what resources the
browser is allowed to load
Ensure data is aligned with
the expectations for its
intended use