Common web application threats & risk
Web applications are now central to daily life: commerce, finance, government, corporate systems and even security tooling all run on them.
Given that adoption, it is no surprise that web applications are constantly exposed to security threats and risks. Before listing them, it is worth distinguishing clearly between a threat and a risk, because the two terms are often used interchangeably.
So what is the difference between a threat and a risk?
- A threat is any potential source of harm or adverse event that could exploit a vulnerability in a system, including a vulnerability for which an exploit is already publicly available.
- Threats can be human-made, such as cybercriminals, black hats, scammers and so on.
Note: threats can also be natural or environmental, such as floods, earthquakes and power outages.
So what about risks?
- Risk is the potential for loss or harm that results from a threat exploiting a vulnerability. A risk therefore follows from a threat: without a threat (and a vulnerability for it to act on) there is no risk.
How can we measure a risk? A few questions feed the likelihood side of the estimate (the impact on the business is the other half):
- Can the attacker reach the company's assets at all (network access, an account, physical access)?
- Does the attack require specialised knowledge, or could a script kiddie pull it off? :)
- Is the exploit available in free, public tools, or only in private ones?
Common web application threats & risks
- Cross-site scripting (XSS): the attacker injects malicious scripts into web pages viewed by other users, so the script runs in the victim's browser with the victim's session and privileges.
- SQL injection (SQLi): attackers craft user input that the application concatenates into a database query, letting them change the query's meaning to extract or modify sensitive information.
- Cross-site Request Forgery (CSRF): an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. It works because the browser attaches the session cookie to any request to that site, and it is often combined with social engineering: the attacker sends the victim a link or similar, tricking the victim into changing their email address or performing other unintended actions.
- Security misconfiguration: an administrator leaves default or unnecessary settings, services or information exposed on the network or the server (default credentials, directory listings, verbose error pages), and the attacker uses that as a foothold.
- Sensitive data exposure: failing to adequately protect sensitive data such as passwords or personal information (for example storing it unencrypted or sending it over plain HTTP) can lead to a data breach.
- Brute force: one of the most common attacks; the attacker uses a wordlist to guess credentials such as usernames or passwords, and succeeds wherever there is no rate limiting, account lockout or strong password policy.
- File upload vulnerability: an insecure file upload mechanism can let attackers upload malicious files (for example a web shell), leading to remote code execution or unauthorized access to the server.
- Denial of service (DoS) and distributed denial of service (DDoS): these attacks aim to overwhelm web application servers, causing service disruption and denying legitimate users access.
- Server-side Request Forgery (SSRF): the attacker abuses server-side functionality that fetches URLs to make the server send requests to internal resources (such as cloud metadata endpoints or internal admin services) or external networks, potentially leading to data exposure or unauthorized access.
- Broken access control: a security flaw that allows unauthorized users to access, modify, or delete data they should not have access to. I took this definition from Bright because it is comprehensive :)
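As an added illustration (not code from the original article), the snippet below puts a naive handler next to a hardened one for four of the risks listed above: SQL injection, XSS, insecure file upload and SSRF. The user table, the `alice`/`s3cret` credentials, the allowlisted host `api.example.com` and the magic-byte table are constructed sample data, and the function names are my own.

```python
import html
import os
import sqlite3
from urllib.parse import urlparse


def make_db() -> sqlite3.Connection:
    """Constructed sample user table; in-memory so the demo runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    db.commit()
    return db


# --- SQL injection: string-built query vs parameterised query -------------
def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Attacker-controlled text is pasted into the SQL, so quotes and comment
    # markers in the input become SQL syntax: "' OR '1'='1" or "alice'--" log in.
    query = (f"SELECT 1 FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return db.execute(query).fetchone() is not None


def login_safe(db: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders: the driver sends values separately from the statement text,
    # so input can never change the structure of the query.
    row = db.execute(
        "SELECT 1 FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


# --- XSS: raw interpolation vs HTML escaping -----------------------------
def render_comment_vulnerable(comment: str) -> str:
    # A comment containing <script> executes in every viewer's browser.
    return f"<p>{comment}</p>"


def render_comment_safe(comment: str) -> str:
    # Escape on output so the browser treats the text as data, not markup.
    return f"<p>{html.escape(comment, quote=True)}</p>"


# --- File upload: trust the extension vs check extension and content -------
# Constructed allowlist of image types and the magic bytes each must start with.
ALLOWED_IMAGE_TYPES = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff"}


def upload_is_accepted(filename: str, data: bytes) -> bool:
    # Reject any extension not on the allowlist, and any file whose bytes do
    # not match the type the extension claims (a web shell renamed to .png
    # fails the second check).
    ext = os.path.splitext(filename)[1].lower()
    magic = ALLOWED_IMAGE_TYPES.get(ext)
    return magic is not None and data.startswith(magic)


# --- SSRF: allowlist the hosts the server is permitted to fetch -----------
ALLOWED_FETCH_HOSTS = {"api.example.com"}  # constructed allowlist


def fetch_target_is_allowed(url: str) -> bool:
    # Only https to an explicitly allowlisted host. urlparse().hostname strips
    # userinfo, so "https://api.example.com@127.0.0.1/" yields 127.0.0.1 and
    # is rejected instead of fooling a naive string-prefix check.
    parsed = urlparse(url)
    return parsed.scheme == "https" and parsed.hostname in ALLOWED_FETCH_HOSTS


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login bypassed:", login_vulnerable(db, "alice", "' OR '1'='1"))
    print("safe login bypassed:      ", login_safe(db, "alice", "' OR '1'='1"))
    print(render_comment_safe("<script>alert(1)</script>"))
    print("web shell as .png accepted:", upload_is_accepted("x.png", b"<?php echo 1;"))
    print("metadata fetch allowed:", fetch_target_is_allowed("http://169.254.169.254/"))
```

Two caveats a practitioner would add: HTML escaping is context-specific (an attribute or a JavaScript string needs different encoding than element text), and the SSRF allowlist above only checks the URL as written; a production fetcher should also resolve the host itself, refuse private and link-local addresses, and not follow redirects blindly, otherwise DNS rebinding or an open redirect on the allowlisted host still reaches internal services.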
Finally, these are just some of the many risks web applications face. I hope this was useful. If you are really interested in web application security, take a look at the OWASP Top 10. Thank you so much for reading this article :)
The OWASP Top 10 threats
Common web application threats & risk was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.