[SC-L] Announcement: The Cross-site Request Forgery FAQ

Florian Weimer fw at deneb.enyo.de
Thu Jan 18 14:17:23 EST 2007


>  URL: The Cross-site Request Forgery FAQ 
>  http://www.cgisecurity.com/articles/csrf-faq.shtml 

Regarding, "Who discovered CSRF?", the attack is mentioned in section
4.3.5 of RFC 2109, which dates back to February 1997.  Of course, the
suggested remedies look rather strange today.

Your characterisation of cross-site scripting attacks ("Cross-Site
Scripting exploits the trust that a user has for the website or
application.") is somewhat misleading, unless one reads "client" for
"user".

