In the past decade, millions of people have used the Web to communicate and conduct business with their customers. This includes web applications that store and collect information. This includes customer information submitted through content management systems or online shopping carts. inquiry forms, or login fields.
Since these applications are online-based and frequently accessible from anywhere in the world, they are vulnerable to attacks on security that exploit weaknesses in the application or its infrastructure. For example, SQL injection attacks (which exploit weaknesses in the database) could result in compromised databases that contain sensitive data. Attackers can leverage the foothold they gain through compromising your Web application to locate other systems that are more vulnerable within your network.
Other commonly used Web attack types include Cross Site Scripting attacks (XSS) that exploit vulnerabilities in the web server to inject malicious code into web pages, and which then executes as an infected code in the victim’s browser. This allows attackers obtain confidential information or to redirect users to websites that are phishing. XSS attacks are most common on message boards, blogs and web forums.
Distributed denial of service attacks (DDoS) involve hackers joining together to bombard a site with more requests than it can field. This can cause the web site to slow down or even stop functioning altogether in a way that hinders the ability of the site to process requests, rendering it unusable for all users. This is why DDoS attacks can be particularly damaging for small businesses that depend on their websites to run like local bakeries or restaurants.