
Top 5 Web Attacks

THE TOP 05 SECURITY VULNERABILITIES 

    Web application security is a central component of any web-based business. The global nature of the Internet exposes web properties to attack from different locations and various levels of scale and complexity. Web application security deals specifically with the security surrounding websites, web applications and web services such as APIs.


 SQL INJECTION

What is SQL INJECTION ?

    SQL injection is a technique for poisoning dynamic SQL statements by commenting out sections of the statement or attaching a condition that will always be true.
It takes advantage of design weaknesses in poorly constructed online applications to make them execute malicious SQL code.


 

 CROSS SITE SCRIPTING (XSS)

What is CROSS SITE SCRIPTING ?

    Cross-site scripting (XSS) is a vulnerability in which an attacker embeds code on a legitimate website that executes when the victim visits it.
Malicious code can be introduced in a variety of ways. It is most commonly appended to the end of a URL or placed directly onto a page that shows user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack.

    

REMOTE FILE INCLUSION (RFI)

What is REMOTE FILE INCLUSION ?

    RFI (remote file inclusion) is a type of attack that exploits flaws in web applications that dynamically reference external scripts. The criminal intends to use an application's referencing function to upload malware from a remote URL that is hosted on a different domain. Successful RFI attacks result in compromised servers, data theft, and a site takeover that allows content change.
 


CROSS SITE REQUEST FORGERY (CSRF)

What is CROSS SITE REQUEST FORGERY ?

    A cross-site request forgery attack is a type of confused deputy cyber attack that tricks a user into accidentally using their credentials to invoke a state-changing activity, such as transferring funds from their account, changing their email address and password, or some other undesired action.
    While the potential impact against a regular user is substantial, a successful CSRF attack against an administrative account can compromise an entire server, potentially resulting in complete takeover of a web application, API, or other service.
 

DENIAL-OF-SERVICE (DOS)

What is DENIAL-OF-SERVICE ? 

    Denial-of-service (DoS) attacks are designed to bring a company's systems to a halt or significantly impair them. The purpose of this cyber attack, unlike most others, is not to steal vital information, but to annoy the victim by taking their website offline.

    Many DoS attacks are politically motivated; however, some attacks are meant to distract the victim while the attacker conducts a more sophisticated attempt to steal information.
 

