A web attack is an attempt to exploit vulnerabilities in a website or parts of it. The attack may target the site's content, web application or server. Websites give attackers numerous opportunities to gain unauthorised access, obtain confidential information, or introduce malicious content.
Attackers usually look for weaknesses in the structure or content of websites to gain access to data, take control of the website or cause harm to users. Common attacks include brute force attacks, attacks on file uploads, and cross-site scripting (XSS). Other attacks can be carried out using social engineering, including phishing, or malware, such as ransomware, trojans, worms or spyware.
The majority of attacks on websites are directed at the web application. This is the hardware and software that a website uses to provide information to its users. Hackers attack websites by exploiting weaknesses in the application. These include SQL injection, cross-site request forgery, and reflected XSS.
SQL injection attacks exploit the databases which web applications rely on to store and distribute content. These attacks could expose sensitive data such as passwords, account logins and credit card numbers.
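The weakness described above, shown from the defender's side as an added example that is not part of the original page: the same account lookup written once with string concatenation and once with a bound parameter. The table, column names, sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed input of the kind an injection attempt submits in a form field.
CRAFTED = "nobody' OR '1'='1"


def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts (username TEXT, password_hash TEXT, card_last4 TEXT)"
    )
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [
            ("alice", "hash-a", "1111"),
            ("bob", "hash-b", "2222"),
            ("o'brien", "hash-c", "3333"),
        ],
    )
    return db


def lookup_concatenated(db, username):
    """Weak form: the input becomes part of the SQL text and can rewrite the query."""
    sql = (
        "SELECT username, card_last4 FROM accounts WHERE username = '"
        + username
        + "'"
    )
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    """Corrected form: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT username, card_last4 FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, CRAFTED))
    print("parameterized:", lookup_parameterized(db, CRAFTED))
    print("legit name   :", lookup_parameterized(db, "o'brien"))
```

The concatenated lookup returns every account for the crafted input and raises an error for a legitimate name containing an apostrophe, while the parameterized lookup treats both purely as data.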
Cross-site scripting attacks rely on flaws in a website's code to display illegal images or text, hijack session details and redirect users to phishing websites. Reflected XSS allows attackers to execute arbitrary code.
A man-in-the-middle attack happens when an outside party intercepts the communication between you and the web server. The third party can then modify the messages, spoof certificates, alter DNS responses, and more. This is an extremely effective way to tamper with your online activity.