MITM, CSRF, and XSS: How to Prevent Famous Cyber Attacks

What every web developer should never ever miss



Man-In-The-Middle. It happens when an attacker sits between the client and the server and can read (and usually modify) everything they exchange. On the web this almost always means traffic that travels over plain HTTP, or a session that is downgraded from HTTPS to HTTP, so the defenses are about never letting the session touch plaintext:

  • Set the Secure attribute on the Set-Cookie header so the browser only sends the cookie over HTTPS (and add HttpOnly so page script cannot read it either)
  • Redirect all HTTP to HTTPS at the server level, and serve no content at all on the HTTP port
  • Use HSTS by setting the Strict-Transport-Security header: the browser then rewrites every subsequent request to HTTPS by itself, without a plaintext round trip. It only takes effect after the first HTTPS visit unless the domain is on the browser preload list, and browsers ignore the header when it arrives over plain HTTP
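The three settings above as plain Node functions, added here as an example rather than taken from the original post. A Node http/https server would call them per request; the site name (CANONICAL_HOST), the cookie name and the request shape are assumptions for the example.

```javascript
// Added example, not code from the original post. CANONICAL_HOST and the
// cookie name are assumptions.
const CANONICAL_HOST = 'example.test';      // assumed site name
const ONE_YEAR_SECONDS = 60 * 60 * 24 * 365;

// Set-Cookie value for the session cookie. Secure: sent only over HTTPS.
// HttpOnly: not readable by page script. SameSite=Lax: not attached to
// cross-site POSTs, which also helps against CSRF.
function sessionCookie(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Strict-Transport-Security value. After seeing this once over HTTPS the
// browser rewrites every later http:// request to https:// itself, so no
// plaintext request leaves the machine for a downgrade attacker to catch.
// Browsers ignore it on plain-HTTP responses, so only the HTTPS listener
// should send it.
function hstsHeader() {
  return `max-age=${ONE_YEAR_SECONDS}; includeSubDomains`;
}

// Handler for the plain-HTTP listener: never serve content there, only a
// permanent redirect to the HTTPS origin. The target uses the configured
// host rather than req.headers.host, so a spoofed Host header cannot turn
// this into an open redirect.
function httpToHttpsRedirect(req) {
  return {
    statusCode: 301,
    headers: { Location: `https://${CANONICAL_HOST}${req.url}` },
  };
}

// Headers the HTTPS listener adds to every response.
function secureResponseHeaders(sessionId) {
  return {
    'Strict-Transport-Security': hstsHeader(),
    'Set-Cookie': sessionCookie('sid', sessionId),
  };
}

// Constructed request object, standing in for what http.createServer
// passes to its handler.
const sampleHttpRequest = {
  method: 'GET',
  headers: { host: 'example.test' },
  url: '/login?next=/account',
};

// Wiring, shown but not started here because it would bind a port:
// require('http').createServer((req, res) => {
//   const r = httpToHttpsRedirect(req);
//   res.writeHead(r.statusCode, r.headers);
//   res.end();
// }).listen(80);
```

The redirect handler deliberately ignores the Host header: on the plain-HTTP side nothing sent by the client is authenticated, so the only safe redirect target is the one configured on the server.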


Cross-Site Request Forgery. It happens when a page the attacker controls (a phishing site, a forum post, an ad) makes the victim's browser send a request to your server. The browser attaches the victim's cookies to that request automatically, so the server cannot tell the forged request from a genuine one. The attacker's page does not need to look like your site at all; a hidden form submitted by script is enough.

  • Use CSRF token middleware that generates a random token tied to the user's session and embeds it in the page (a hidden form field or a header the page's own script adds). The server rejects any state-changing request that does not carry the matching token; the attacker's page cannot read the token because of the same-origin policy. Setting session cookies to SameSite=Lax or Strict adds a second layer, since the browser then leaves them off most cross-site requests.


Cross-Site Scripting. It happens when attacker-supplied text is rendered into the page as markup, so a script is injected into the client UI and runs with the user's privileges: it can read sensitive information on the page, steal cookies that are not HttpOnly, and send requests on behalf of the client.

  • Encode untrusted data for the context it lands in (HTML body, attribute, JavaScript, URL) at output time; use your template engine's auto-escaping instead of string concatenation
  • Send a Content-Security-Policy header so that injected inline script cannot execute even where encoding was missed
  • Mark session cookies HttpOnly so a script that does run cannot read them

Web Application Developer. Knowledge hungry, always learning. Aspiring to become a Web Unicorn. Find me @abduvik on social platforms.
