Attackers can target web applications (websites that let you interact directly with software through the browser) in a variety of ways: to steal confidential data, to introduce malicious code, or even to take over your computer. These attacks exploit weaknesses in components such as web apps, content management systems, and web servers.
Web app attacks make up a large portion of all security threats. Over the past 10 years, attackers have become more skilled at identifying and exploiting vulnerabilities that affect an application's perimeter defenses. Attackers can bypass most common defenses using techniques like phishing, botnets and social engineering.
A phishing scam involves tricking victims into clicking on an email link containing malware. The malware is downloaded to the victim’s computer and gives attackers access to devices or systems. Botnets are networks of infected, compromised connected devices that attackers use to launch DDoS attacks, spread malware, commit fraud through ads, and more.
Directory (or path) traversal attacks use directory-navigation sequences such as `../` in a requested file path to move outside the folder a site is meant to serve, gaining access to data on websites, their configuration files and databases. Input sanitization is necessary to protect against this type of attack.
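As an added example (not code from the original page), the Python sketch below shows one way to validate a requested path before opening it: decode it once, resolve it to its real location, and serve it only if that location is still inside the served directory. The names `resolve_inside`, `TraversalError` and `demo`, the directory layout, and the sample requests are all constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path would leave the served directory."""


def resolve_inside(base_dir, requested):
    """Return the real path of `requested` under `base_dir`, or raise."""
    base = Path(base_dir).resolve(strict=True)
    # Decode once, as a web framework would; refuse anything still encoded
    # (double encoding) or holding a NUL. Strict policy chosen for this example.
    decoded = unquote(requested)
    if "%" in decoded or "\x00" in decoded:
        raise TraversalError("encoded or NUL bytes in path")
    # Treat backslashes as separators so "..\" is caught on every OS.
    decoded = decoded.replace("\\", "/")
    # resolve() collapses ".." and follows symlinks, so the containment
    # check applies to the file that would really be opened.
    candidate = (base / decoded).resolve()
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{requested!r} escapes {base}")
    return candidate


def demo():
    """Run constructed requests against a throwaway directory tree."""
    with tempfile.TemporaryDirectory() as root:
        public = Path(root, "public")
        (public / "css").mkdir(parents=True)
        (public / "css" / "site.css").write_text("body{}")
        Path(root, "secret.txt").write_text("not for the web")
        (public / "link.txt").symlink_to(Path(root, "secret.txt"))
        results = {}
        for req in ["css/site.css", "css/../css/site.css", "../secret.txt",
                    "..%2fsecret.txt", "%252e%252e/secret.txt",
                    "/etc/passwd", "link.txt"]:
            try:
                resolve_inside(public, req)
                results[req] = "allowed"
            except TraversalError:
                results[req] = "blocked"
        return results


if __name__ == "__main__":
    for request, verdict in demo().items():
        print(f"{verdict:8} {request}")
```

The check is made on the resolved path rather than by searching the input for `../`, which is why the encoded, absolute and symlinked requests are refused along with the plain one.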
SQL injection attacks target databases that store important site and service information. By injecting malicious code into a query, the attacker can override security controls and reveal information that would normally not be exposed. Attackers can run commands, dump databases and more.
Cross-site scripting (XSS) attacks insert malicious code into a trusted site to hijack users' browsers. This allows attackers to access session cookies and private information, impersonate a user, alter content, and more.