OWASP A8 and A3: Cross-site Attacks