
What Is a Web Attack?

There are many ways attackers can target web applications (websites that let you communicate with software via a browser) to steal confidential information, introduce malicious code, or even take over your PC or device. These attacks exploit vulnerabilities in components such as web apps (for example, content-management systems) and web servers.

Web app attacks make up a large percentage of all security threats. In the past decade, attackers have improved their ability to identify and exploit vulnerabilities that affect the security perimeters of applications. Attackers are able to bypass common defenses using methods such as botnets, phishing, or social engineering.

Phishing attacks fool victims into clicking an email link that delivers malware. The malware downloads to their computer, allowing attackers to take over systems or devices for different motives. Botnets are collections of compromised, infected devices that attackers use to launch DDoS attacks, spread malware, carry out advertising fraud, and much more.

Directory (or path) traversal attacks use directory-movement patterns in a request to gain access to data on the website, including its configuration files and databases. Input sanitization is needed to guard against this type of attack.
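One way to implement the input check described above, as an added example that is not code from the original page: the requested path is decoded, resolved, and accepted only if it still lies under the served directory. The names `resolve_under`, `TraversalError` and `check_samples`, and all sample files and requests, are constructed for illustration.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a requested path resolves outside the served directory."""


def resolve_under(base_dir, requested):
    """Return the real path of `requested` inside `base_dir`, or raise."""
    base = Path(base_dir).resolve()
    # Decode percent-encoding once and treat backslashes as separators,
    # so %2e%2e%2f and ..\ are checked in the form the filesystem sees.
    decoded = unquote(requested).replace("\\", "/")
    if "\x00" in decoded:
        raise TraversalError("NUL byte in path")
    # Strip leading slashes so an absolute path cannot replace the base.
    candidate = (base / decoded.lstrip("/")).resolve()
    # resolve() collapses ".." and follows symlinks; compare the result.
    if candidate != base and base not in candidate.parents:
        raise TraversalError(f"{requested!r} escapes {base}")
    return candidate


def check_samples():
    """Map constructed requests to their path inside the root, or None."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = (Path(tmp) / "webroot").resolve()
        (root / "img").mkdir(parents=True)
        (root / "img" / "logo.png").write_bytes(b"constructed sample")
        (root.parent / "config.ini").write_text("secret=constructed\n")
        samples = ["img/logo.png", "img/../img/logo.png", "../config.ini",
                   "%2e%2e%2fconfig.ini", "img/..%2f..%2fconfig.ini",
                   "/etc/passwd", "..\\config.ini"]
        for s in samples:
            try:
                inside = resolve_under(root, s).relative_to(root)
                results[s] = inside.as_posix()
            except TraversalError:
                results[s] = None  # blocked
    return results


if __name__ == "__main__":
    for path, verdict in check_samples().items():
        print(f"{path!r:32} -> {verdict or 'BLOCKED'}")
```

Comparing the resolved path against the base, rather than searching the input for `..`, is what lets the same check cover encoded and backslash variants.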

SQL injection attacks target databases that store important site and service information by injecting malicious code that makes the database bypass security measures and disclose information that it normally wouldn't. Attackers can then execute commands to dump databases, among many other things.

Cross-site scripting (XSS) attacks insert malicious code into a trusted website to take over users' browsers. This enables attackers to take session cookies and confidential information, impersonate users, manipulate content, and so on.