
Top 5 Web Attacks

THE TOP 05 SECURITY VULNERABILITIES 

    Web application security is a central component of any web-based business. The global nature of the Internet exposes web properties to attack from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications and web services such as APIs.


 SQL INJECTION

What is SQL INJECTION ?

    SQL Injection is a technique for poisoning dynamic SQL statements by commenting out sections of the statement or attaching a condition that will always be true.
It exploits design weaknesses in poorly constructed web applications that build SQL statements directly from user input, so that attacker-supplied text is executed as SQL code.
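The two tricks named above (an always-true condition and a comment that truncates the statement) are shown below against a query built by string formatting, next to the parameterized form that defeats both. This is an added example, not code from the original post; the `users` table and its rows are constructed for the demo.

```python
import sqlite3

# Constructed sample data (not from the original post): a small users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users (name, secret) VALUES (?, ?)",
                     [("alice", "token-a"), ("bob", "token-b")])
    conn.commit()
    return conn

def lookup_vulnerable(conn, name):
    """Builds the statement with string formatting, so the input becomes part of the SQL."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterized(conn, name):
    """Binds the input as a parameter, so the driver treats it purely as data."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

# The two inputs the text describes: a condition that is always true, and a comment
# marker that cuts off the rest of the statement (the closing quote is never parsed).
ALWAYS_TRUE = "' OR '1'='1"
COMMENT_OUT = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "alice"))           # ['alice']
    print(lookup_vulnerable(db, ALWAYS_TRUE))       # ['alice', 'bob']: every row matches
    print(lookup_vulnerable(db, COMMENT_OUT))       # ['alice']: the statement was truncated
    print(lookup_parameterized(db, ALWAYS_TRUE))    # []: nobody is literally named that
```

The parameterized version is the fix; input validation and least-privilege database accounts are worthwhile additional layers, but they do not replace it.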


 

 CROSS SITE SCRIPTING (XSS)

What is CROSS SITE SCRIPTING ?

    Cross-site scripting (XSS) is a vulnerability in which an attacker embeds code on a legitimate website that executes when the victim visits it.
Malicious code can be introduced in a variety of ways. It is most commonly appended to the end of a URL or placed directly onto a page that shows user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack.
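Both placements mentioned above (a value at the end of a URL, and user-generated content stored on a page) are handled the same way on the server: the content is HTML-escaped before it is written into the response. This is an added example, not code from the original post; the comment text and query string are constructed for the demo.

```python
import html
from urllib.parse import parse_qs

# Constructed inputs (not from the original post).
STORED_COMMENT = 'Nice post! <script>document.title="owned"</script>'
REFLECTED_QUERY = "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"

def render_comment_unsafe(comment):
    """Concatenates user content straight into the page; the browser parses any tags in it."""
    return f'<p class="comment">{comment}</p>'

def render_comment_escaped(comment):
    """Escapes the HTML metacharacters (< > & " ') so the content is displayed, not parsed."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'

def render_search_escaped(query_string):
    """Reflected case: a value taken from the URL is echoed back into the page, escaped first."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"

def has_active_markup(fragment):
    """Crude check for this demo: does a live <script> tag survive in the output?"""
    return "<script" in fragment.lower()
```

Escaping is context-specific: the function above is correct for text between tags and inside quoted attributes; content placed into a JavaScript block or a URL needs the encoding for that context instead.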

    

REMOTE FILE INCLUSION (RFI)

What is REMOTE FILE INCLUSION ?

    RFI (remote file inclusion) is a type of attack that exploits flaws in web applications that dynamically reference external scripts. The attacker's aim is to use the application's include/reference mechanism to load malware from a remote URL hosted on a different domain. Successful RFI attacks result in compromised servers, data theft, and a site takeover that allows content to be changed.
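The weakness described above is a request value passed straight into the application's include mechanism. The added example below (not code from the original post) shows the usual fix: the request value only selects an entry from a fixed allowlist, any URL scheme is refused outright, and the resolved path is checked to stay under the template directory. The directory and page names are constructed for the demo.

```python
import posixpath
from urllib.parse import urlparse

# Constructed layout (not from the original post): the only pages this app may include.
TEMPLATE_DIR = "/srv/app/templates"
ALLOWED_PAGES = {"home", "about", "contact"}

class IncludeRejected(ValueError):
    """Raised when a requested include does not map to an allowlisted local template."""

def resolve_include(page):
    """Maps a page name from the request to a local file path, or refuses.

    The value from the request is never used as a path or URL itself; it is only
    compared against the allowlist, and the final path is re-checked anyway."""
    if urlparse(page).scheme:
        raise IncludeRejected("remote references (any URL scheme) are not allowed")
    if page not in ALLOWED_PAGES:
        raise IncludeRejected(f"unknown page {page!r}")
    target = posixpath.normpath(posixpath.join(TEMPLATE_DIR, page + ".html"))
    if not target.startswith(TEMPLATE_DIR + "/"):   # defence in depth against traversal
        raise IncludeRejected("resolved path leaves the template directory")
    return target

def is_include_allowed(page):
    """Convenience wrapper: True if the page resolves, False if it is rejected."""
    try:
        resolve_include(page)
        return True
    except IncludeRejected:
        return False
```

In PHP, where this class of bug is most common, the server-side setting allow_url_include=Off reinforces the same rule by making include() refuse URLs regardless of application code.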
 


CROSS SITE REQUEST FORGERY (CSRF)

What is CROSS SITE REQUEST FORGERY ?

    A cross-site request forgery attack is a type of confused deputy attack that tricks a user into unknowingly using their credentials to invoke a state-changing action, such as transferring funds from their account, changing their email address and password, or some other undesired action.
    While the potential impact against a regular user is substantial, a successful CSRF attack against an administrative account can compromise an entire server, potentially resulting in complete takeover of a web application, API, or other service.
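The standard defence for the state-changing actions listed above is a per-session token that the forged cross-site request cannot know, backed by a SameSite cookie so the browser withholds the session cookie from cross-site form posts in the first place. The following is an added example, not code from the original post; the in-memory session store and the /transfer form are constructed for the demo.

```python
import hmac
import secrets

SESSIONS = {}   # constructed in-memory session store: session_id -> {"csrf": token}

def start_session():
    """Creates a session and a random CSRF token bound to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf": secrets.token_urlsafe(32)}
    return sid

def render_transfer_form(sid):
    """The legitimate form carries the session's token as a hidden field."""
    token = SESSIONS[sid]["csrf"]
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="amount"><button>Send</button></form>')

def handle_transfer(sid, form):
    """State-changing handler: refuses unless the submitted token matches the session's."""
    session = SESSIONS.get(sid)
    if session is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf"]):   # constant-time comparison
        return 403, "csrf token missing or invalid"
    return 200, f"transferred {form.get('amount')}"

def session_cookie_header(sid):
    """Second layer: SameSite stops the browser attaching the cookie to cross-site POSTs."""
    return f"Set-Cookie: session={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"
```

A forged request from another site can carry the victim's cookie (absent SameSite) but not the hidden token, so it fails the check; a token from a different session fails as well.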
 

DENIAL-OF-SERVICE (DOS)

What is DENIAL-OF-SERVICE ? 

    Denial-of-service (DoS) attacks are designed to bring a company's systems to a halt or significantly impair them. Unlike most other cyber attacks, the purpose is not to steal vital information but to annoy the victim by taking their website offline.

    Many DoS attacks are politically motivated; some, however, are meant to distract the victim while the attacker conducts a more sophisticated attempt to steal information.
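One application-level control against the flood of requests that takes a site offline is a per-client token bucket: each client may burst up to a fixed number of requests and is then held to a steady rate, so one noisy source cannot starve the others. This is an added example, not code from the original post; the request trace and the client addresses are constructed for the demo.

```python
import time
from collections import defaultdict

class TokenBucket:
    """Each client key gets `capacity` tokens, refilled at `rate` tokens per second."""
    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        # key -> [tokens remaining, time of last update]
        self.buckets = defaultdict(lambda: [capacity, self.clock()])

    def allow(self, key):
        """Returns True and spends one token if the client may proceed, else False."""
        tokens, last = self.buckets[key]
        now = self.clock()
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[key] = [tokens - 1, now]
            return True
        self.buckets[key] = [tokens, now]
        return False

class FakeClock:
    """Deterministic clock so the trace below replays identically every run."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now

# Constructed trace: one client bursts 20 requests at t=0 and 3 more at t=3,
# while a second client sends a single request at t=0.
TRACE = [(0.0, "203.0.113.5")] * 20 + [(0.0, "192.0.2.7")] + [(3.0, "203.0.113.5")] * 3

def run_trace(events, rate=1.0, capacity=5):
    """Replays (timestamp, client) events; returns {client: (allowed, rejected)}."""
    clock = FakeClock()
    limiter = TokenBucket(rate, capacity, clock)
    outcomes = defaultdict(lambda: [0, 0])
    for t, client in sorted(events):
        clock.now = t
        outcomes[client][0 if limiter.allow(client) else 1] += 1
    return {client: tuple(counts) for client, counts in outcomes.items()}

if __name__ == "__main__":
    print(run_trace(TRACE))   # {'203.0.113.5': (8, 15), '192.0.2.7': (1, 0)}
```

With a capacity of 5 and a refill of 1 token per second, the bursting client gets its first 5 requests through, is rejected for the remaining 15, and has earned exactly 3 tokens back by t=3; the quiet client is unaffected. Rate limiting in the application is a last line of defence, since a volumetric flood is best absorbed upstream (CDN, load balancer, network filtering) before it reaches the server.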
 

