Web applications are the main means of distributing and accessing data across the Internet, which makes them a frequent target for attackers. The following are common web application attacks:
Directory Traversal – Attackers exploit insufficient validation of file-path input to traverse web directories and reach files or directories that are not meant to be accessible.
Hidden Field Manipulation – Web applications contain hidden form fields placed by developers that are not visible to users. Attackers manipulate these hidden fields to access or alter data.
XML External Entity (XXE) – Attackers exploit weaknesses in a web application's XML parsing. The attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser, leading to disclosure or manipulation of data.
SQL Injection – Attackers exploit an SQL injection vulnerability to inject malicious SQL statements and obtain unauthorized data or manipulate data.
LDAP Injection – Attackers inject LDAP statements through the web application to the LDAP server in order to obtain unauthorized data or manipulate data.
Cross-Site Scripting (XSS) – Attackers inject malicious scripts into a vulnerable web application. When users access the application, the malicious script executes in the user's browser, and the attackers can access or manipulate data and perform other malicious activities.
Command Injection – Attackers exploit vulnerabilities in the application to inject commands that the underlying operating system executes, performing malicious activities.
SSRF (Server-Side Request Forgery) – Attackers exploit vulnerabilities in the web application to make it access an internal resource that the attacker cannot reach directly.
CSRF (Cross-Site Request Forgery) – Also known as a One-Click Attack or Session Riding; the attacker exploits the trust that the web application places in the client. The attacker tricks the user into clicking links that let the attacker use the access privileges the user has on the web application, after which the attacker performs malicious activities on the application.
DoS/DDoS Attack – Attackers send repeated and numerous requests to the web application, depleting resources such as CPU and memory and leading to denial of the web application's service.
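As an added example that is not part of the original page, the following Python code shows defensive checks for three of the attacks listed above: a path-containment check against directory traversal, a parameterized query beside its string-concatenated counterpart against SQL injection, and per-session token issuance and verification against CSRF. The base directory, the users table, the sample rows and the session dictionary are all constructed for the example and are not taken from any real application.

```python
import hmac
import os
import secrets
import sqlite3
from typing import List, Optional


# --- Directory traversal: keep every resolved path inside the served directory ---
def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Return the resolved path if it stays under base_dir, otherwise None.

    realpath() normalises '..' segments and symlinks before the containment
    check, so '../../etc/passwd' or an absolute path cannot escape base_dir.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    if target == base or target.startswith(base + os.sep):
        return target
    return None


# --- SQL injection: parameterised query versus string concatenation ---
def init_db() -> sqlite3.Connection:
    """Constructed in-memory database with two sample users (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Vulnerable form: the input is spliced into the SQL text, so a quote in
    the input changes the statement's structure instead of being data."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql).fetchall()]


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[str]:
    """Hardened form: the driver binds the value separately from the SQL text,
    so the input is always compared as a literal string."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,)).fetchall()]


# --- CSRF: unpredictable per-session token checked on every state change ---
def issue_csrf_token(session: dict) -> str:
    """Store a fresh random token in the server-side session and return it so
    the application can embed it in its own forms."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def verify_csrf_token(session: dict, submitted: Optional[str]) -> bool:
    """Accept a state-changing request only if the submitted token matches the
    one stored in the session; a cross-site page cannot read that value.
    compare_digest avoids leaking the token through timing differences."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


if __name__ == "__main__":
    print(safe_join("/srv/www/files", "docs/readme.txt"))
    print(safe_join("/srv/www/files", "../../etc/passwd"))
    db = init_db()
    print(find_user_unsafe(db, "x' OR '1'='1"))  # concatenation lets the tautology match every row
    print(find_user_safe(db, "x' OR '1'='1"))    # bound parameter matches nothing
    sess = {}
    tok = issue_csrf_token(sess)
    print(verify_csrf_token(sess, tok), verify_csrf_token(sess, "forged"))
```

The same three patterns apply regardless of framework: canonicalise before comparing paths, never build SQL (or LDAP, or shell) statements by concatenating untrusted input, and tie state-changing requests to a secret the requesting page must prove it can read.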